Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xxe vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-2392
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.
Sap Internet Graphics Server 7.20
Sap Internet Graphics Server 7.20ext
Sap Internet Graphics Server 7.45
Sap Internet Graphics Server 7.53
Sap Internet Graphics Server 7.49
1 Metasploit module
1 Github repository
5
CVSSv2
CVE-2018-2393
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.
Sap Internet Graphics Server 7.20
Sap Internet Graphics Server 7.20ext
Sap Internet Graphics Server 7.45
Sap Internet Graphics Server 7.49
Sap Internet Graphics Server 7.53
1 Metasploit module
1 Github repository
4
CVSSv2
CVE-2015-7743
XML external entity vulnerability in PRTG Network Monitor prior to 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file.
Paessler Prtg Network Monitor
9
CVSSv2
CVE-2016-4014
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote malicious users to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.
Sap Netweaver 7.4
1 Github repository
NA
CVE-2016-401410
An attacker can trigger an XML Entity Expansion or XML External Entity Injection. This causes the entire machine to become unresponsive until the process is terminated manually. An attacker can use this flaw to perform a denial-of-service (DoS) attack. SAP NetWeaver AS JAVA versi...
4
CVSSv2
CVE-2018-10175
Digital Guardian Management Console 7.1.2.0015 has an XXE issue.
Digitalguardian Management Console 7.1.2.0015
4
CVSSv2
CVE-2019-10080
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and A...
Apache Nifi
7.5
CVSSv2
CVE-2019-9670
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x prior to 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
Synacor Zimbra Collaboration Suite 8.7.11
Synacor Zimbra Collaboration Suite
1 EDB exploit
6 Github repositories
7.5
CVSSv2
CVE-2014-3005
XML external entity (XXE) vulnerability in Zabbix 1.8.x prior to 1.8.21rc1, 2.0.x prior to 2.0.13rc1, 2.2.x prior to 2.2.5rc1, and 2.3.x prior to 2.3.2 allows remote malicious users to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
Zabbix Zabbix 2.2.1
Zabbix Zabbix 2.2.3
Zabbix Zabbix 2.0.5
Zabbix Zabbix 2.0.7
Zabbix Zabbix 2.0.12
Zabbix Zabbix 1.8.1
Zabbix Zabbix 1.8.8
Zabbix Zabbix 1.8.10
Zabbix Zabbix 1.8.17
Zabbix Zabbix 1.8.19
Zabbix Zabbix 2.3.0
Zabbix Zabbix 2.3.1
Zabbix Zabbix 2.2.0
Zabbix Zabbix 2.0.8
Zabbix Zabbix 2.0.9
Zabbix Zabbix 2.0.10
Zabbix Zabbix 2.0.11
Zabbix Zabbix 1.8.12
Zabbix Zabbix 1.8.13
Zabbix Zabbix 1.8.14
Zabbix Zabbix 1.8.15
Zabbix Zabbix 2.0.0
6.4
CVSSv2
CVE-2011-2719
libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x prior to 3.3.10.3 and 3.4.x prior to 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote malicious users to modify the SESSION superglobal array, other superglobal arrays,...
Phpmyadmin Phpmyadmin 3.0.1.1
Phpmyadmin Phpmyadmin 3.2.1
Phpmyadmin Phpmyadmin 3.3.10.0
Phpmyadmin Phpmyadmin 3.1.4
Phpmyadmin Phpmyadmin 3.1.3
Phpmyadmin Phpmyadmin 3.3.8.1
Phpmyadmin Phpmyadmin 3.2.0
Phpmyadmin Phpmyadmin 3.3.10.1
Phpmyadmin Phpmyadmin 3.1.2
Phpmyadmin Phpmyadmin 3.1.0
Phpmyadmin Phpmyadmin 3.3.3.0
Phpmyadmin Phpmyadmin 3.0.0
Phpmyadmin Phpmyadmin 3.3.4.0
Phpmyadmin Phpmyadmin 3.3.9.2
Phpmyadmin Phpmyadmin 3.3.1.0
Phpmyadmin Phpmyadmin 3.3.7
Phpmyadmin Phpmyadmin 3.1.5
Phpmyadmin Phpmyadmin 3.1.1
Phpmyadmin Phpmyadmin 3.3.5.0
Phpmyadmin Phpmyadmin 3.3.0.0
Phpmyadmin Phpmyadmin 3.3.6
Phpmyadmin Phpmyadmin 3.3.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975
CVE-2024-2961
CVE-2024-20380
XML injection
HTML injection
CVE-2024-29204
CVE-2023-51795
memory leak
CVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »