Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xxe vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-5214
nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x prior to 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an en...
Microfocus Access Manager 4.0
Microfocus Access Manager 4.0.1
NA
CVE-2014-5215
NetIQ Access Manager (NAM) 4.x prior to 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp.
Microfocus Access Manager 4.0.1
Microfocus Access Manager 4.0
NA
CVE-2014-5217
Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x prior to 4.1 allows remote malicious users to hijack the authentication of administrators for requests that change the administrative passw...
Microfocus Access Manager 4.0.1
Microfocus Access Manager 4.0
9.8
CVSSv3
CVE-2018-1285
Apache log4net versions prior to 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
Apache Log4net
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Oracle Application Testing Suite 13.3.0.1
Oracle Hospitality Simphony 19.1.3
Oracle Hospitality Simphony 18.2.7.2
Oracle Hospitality Opera 5 5.5
Oracle Hospitality Opera 5 5.6
Netapp Snapcenter -
Netapp Manageability Software Development Kit -
4 Github repositories
9.8
CVSSv3
CVE-2023-49733
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 prior to 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.
Apache Cocoon
9.8
CVSSv3
CVE-2018-20433
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.
Mchange C3p0 0.9.5.2
Debian Debian Linux 8.0
7.4
CVSSv3
CVE-2018-2660
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 7.3.5.x and 8.0.x. Easily exploitable vulnerability allows low privileged attac...
Oracle Financial Services Analytical Applications Infrastructure 7.3.5.0.0
Oracle Financial Services Analytical Applications Infrastructure 7.3.5.1.0
Oracle Financial Services Analytical Applications Infrastructure 7.3.5.2.0
Oracle Financial Services Analytical Applications Infrastructure 7.3.5.3.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.5.0.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.4.0.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.2.0.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.0.0.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.3.0.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.1.0.0
6.1
CVSSv3
CVE-2018-2661
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 7.3.5.x and 8.0.x. Easily exploitable vulnerability allows unauthenticated atta...
Oracle Financial Services Analytical Applications Infrastructure 7.3.5.0.0
Oracle Financial Services Analytical Applications Infrastructure 7.3.5.2.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.2.0.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.0.0.0
Oracle Financial Services Analytical Applications Infrastructure 7.3.5.3.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.5.0.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.4.0.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.3.0.0
Oracle Financial Services Analytical Applications Infrastructure 7.3.5.1.0
Oracle Financial Services Analytical Applications Infrastructure 8.0.1.0.0
9.1
CVSSv3
CVE-2017-1000190
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on.
Simplexml Project Simplexml 2.7.1
1 Github repository
NA
CVE-2014-7177
XML External Entity vulnerability in Enalean Tuleap 7.2 and previous versions allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.
Enalean Tuleap
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »