Vulmon
xxe vulnerabilities and exploits
NA
CVE-2014-3437
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote malicious users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, rel...
Symantec Endpoint Protection Manager 12.1.1
Symantec Endpoint Protection Manager 12.1.2
Symantec Endpoint Protection Manager 12.1.0
Symantec Endpoint Protection Manager 12.1.3
Symantec Endpoint Protection Manager
1 EDB exploit
NA
CVE-2014-3439
ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote malicious users to write to arbitrary files via unspecified vectors.
Symantec Endpoint Protection Manager 12.1.0
Symantec Endpoint Protection Manager 12.1.3
Symantec Endpoint Protection Manager
Symantec Endpoint Protection Manager 12.1.1
Symantec Endpoint Protection Manager 12.1.2
1 EDB exploit
7.5
CVSSv3
CVE-2018-1308
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrar...
Apache Solr
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
NA
CVE-2011-2642
Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin prior to 3.3.10.3 and 3.4.x prior to 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name.
Phpmyadmin Phpmyadmin 3.0.1.1
Phpmyadmin Phpmyadmin 3.2.1
Phpmyadmin Phpmyadmin 3.3.10.0
Phpmyadmin Phpmyadmin 2.11.1.2
Phpmyadmin Phpmyadmin 3.1.4
Phpmyadmin Phpmyadmin 3.1.3
Phpmyadmin Phpmyadmin 2.11.5.1
Phpmyadmin Phpmyadmin 2.11.5.0
Phpmyadmin Phpmyadmin 3.3.8.1
Phpmyadmin Phpmyadmin 3.2.0
Phpmyadmin Phpmyadmin 3.3.10.1
Phpmyadmin Phpmyadmin 3.1.2
Phpmyadmin Phpmyadmin 2.11.9.0
Phpmyadmin Phpmyadmin 3.1.0
Phpmyadmin Phpmyadmin 2.11.9.1
Phpmyadmin Phpmyadmin 3.3.3.0
Phpmyadmin Phpmyadmin 3.0.0
Phpmyadmin Phpmyadmin 3.3.4.0
Phpmyadmin Phpmyadmin 3.3.9.2
Phpmyadmin Phpmyadmin 2.11.5.2
Phpmyadmin Phpmyadmin 2.11.2.2
Phpmyadmin Phpmyadmin 2.11.8.0
NA
CVE-2011-3181
Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x prior to 3.3.10.4 and 3.4.x prior to 3.4.4 allow remote malicious users to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name.
Phpmyadmin Phpmyadmin 3.3.3.0
Phpmyadmin Phpmyadmin 3.3.4.0
Phpmyadmin Phpmyadmin 3.3.6
Phpmyadmin Phpmyadmin 3.3.9.1
Phpmyadmin Phpmyadmin 3.3.5.1
Phpmyadmin Phpmyadmin 3.3.2.0
Phpmyadmin Phpmyadmin 3.3.9.2
Phpmyadmin Phpmyadmin 3.3.9.0
Phpmyadmin Phpmyadmin 3.3.8
Phpmyadmin Phpmyadmin 3.3.1.0
Phpmyadmin Phpmyadmin 3.3.10.0
Phpmyadmin Phpmyadmin 3.3.10.1
Phpmyadmin Phpmyadmin 3.3.8.1
Phpmyadmin Phpmyadmin 3.3.5.0
Phpmyadmin Phpmyadmin 3.3.7
Phpmyadmin Phpmyadmin 3.3.0.0
Phpmyadmin Phpmyadmin 3.3.10.2
Phpmyadmin Phpmyadmin 3.3.10.3
Phpmyadmin Phpmyadmin 3.4.3.1
Phpmyadmin Phpmyadmin 3.4.0.0
Phpmyadmin Phpmyadmin 3.4.3.0
Phpmyadmin Phpmyadmin 3.4.1.0
NA
CVE-2011-1940
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x prior to 3.3.10.1 and 3.4.x prior to 3.4.1 allow remote malicious users to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1)...
Phpmyadmin Phpmyadmin 3.3.10.0
Phpmyadmin Phpmyadmin 3.4.0.0
Phpmyadmin Phpmyadmin 3.3.8.1
Phpmyadmin Phpmyadmin 3.3.3.0
Phpmyadmin Phpmyadmin 3.3.4.0
Phpmyadmin Phpmyadmin 3.3.9.2
Phpmyadmin Phpmyadmin 3.3.1.0
Phpmyadmin Phpmyadmin 3.3.7
Phpmyadmin Phpmyadmin 3.3.5.0
Phpmyadmin Phpmyadmin 3.3.0.0
Phpmyadmin Phpmyadmin 3.3.6
Phpmyadmin Phpmyadmin 3.3.2.0
Phpmyadmin Phpmyadmin 3.3.9.0
Phpmyadmin Phpmyadmin 3.3.5.1
Phpmyadmin Phpmyadmin 3.3.9.1
Phpmyadmin Phpmyadmin 3.3.8
6.5
CVSSv3
CVE-2011-4107
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x prior to 3.4.7.1 and 3.3.x prior to 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML extern...
Phpmyadmin Phpmyadmin
Fedoraproject Fedora 16
Fedoraproject Fedora 15
Fedoraproject Fedora 14
Debian Debian Linux 5.0
1 EDB exploit
NA
CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor prior to 1.3.3 allows context-dependent malicious users to conduct XML External Entity (XXE) attacks via a crafted XML document.
Castor Project Castor
Castor Project Castor 1.3.1
Castor Project Castor 1.3
Opensuse Project Opensuse 12.3
Opensuse Opensuse 13.1
1 EDB exploit
NA
CVE-2022-47894
Improper Input Validation vulnerability in Apache Zeppelin SAP. This issue affects Apache Zeppelin SAP: from 0.8.0 prior to 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict acces...
NA
CVE-2014-5216
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x prior to 4.0.1 HF3 allow remote malicious users to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp...
Microfocus Access Manager 4.0.1
Microfocus Access Manager 4.0
1 EDB exploit