XXE vulnerabilities and exploits

NA
CVE-2019-11216

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are...

5
CVSSv2
CVE-2018-1308

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read...

5.5
CVSSv2
CVE-2018-17152

Intersystems Cache 2017.2.2.865.0 allows XXE....

4
CVSSv2
CVE-2013-7140

XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been...

4.9
CVSSv2
CVE-2018-15444

A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML...

7.5
CVSSv2
CVE-2018-6489

XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE)...

7.5
CVSSv2
CVE-2018-14065

XMLReader.php in PHPOffice Common before 0.2.9 allows XXE....

6.4
CVSSv2
CVE-2015-1833

XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a...

ApacheJackrabbit
7.5
CVSSv2
CVE-2018-20059

jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE....

7.5
CVSSv2
CVE-2015-7241

XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01....

SapNetweaver