xxe vulnerabilities and exploits
5.5
CVSSv2
CVE-2019-11216
BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are a...
Bmc Remedy Smart Reporting
4.3
CVSSv2
CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor prior to 1.3.3 allows context-dependent malicious users to conduct XML External Entity (XXE) attacks via a crafted XML document.
Castor Project Castor
Castor Project Castor 1.3.1
Castor Project Castor 1.3
Opensuse Project Opensuse 12.3
Opensuse Opensuse 13.1
1 EDB exploit
4
CVSSv2
CVE-2016-8526
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exists on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can ...
Hp Airwave
1 EDB exploit
4.3
CVSSv2
CVE-2016-8527
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative ...
Hp Airwave
1 EDB exploit
5
CVSSv2
CVE-2017-9231
XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x prior to 10.5 RP3 allows malicious users to obtain sensitive information via unspecified vectors.
Citrix Xenmobile Server 10.3.6
Citrix Xenmobile Server 10.4
Citrix Xenmobile Server 10.0
Citrix Xenmobile Server 10.1
Citrix Xenmobile Server 10.3
Citrix Xenmobile Server 10.3.5
Citrix Xenmobile Server 10.5
Citrix Xenmobile Server 9.0
7.5
CVSSv2
CVE-2018-12463
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Hp Fortify Software Security Center 18.1
Hp Fortify Software Security Center 17.2
Hp Fortify Software Security Center 17.1
1 EDB exploit
1 Github repository
6.4
CVSSv2
CVE-2016-3974
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 up to and including 7.5 allows remote malicious users to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~we...
Sap Netweaver Application Server Java
1 EDB exploit
4
CVSSv2
CVE-2017-15639
tasks/feed/readRSS.cfm in Mura CMS prior to 6.2 allows malicious users to bypass intended access restrictions by leveraging the "draggable feeds" feature.
Getmura Mura Cms
1 EDB exploit
6.8
CVSSv2
CVE-2016-10127
PySAML2 allows remote malicious users to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
Pysaml2 Project Pysaml2 -
5
CVSSv2
CVE-2019-9621
Zimbra Collaboration Suite prior to 8.6 patch 13, 8.7.x prior to 8.7.11 patch 10, and 8.8.x prior to 8.8.10 patch 7 or 8.8.x prior to 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
Zimbra Collaboration Server 8.6.0
Zimbra Collaboration Server
Zimbra Collaboration Server 8.7.11
Zimbra Collaboration Server 8.8.10
Zimbra Collaboration Server 8.8.11
2 EDB exploits
2 Github repositories