xml database vulnerabilities and exploits
NA
CVE-2023-23926
APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An XML External Entity (XXE) vulnerability was found in the apoc.import.graphml procedure of the APOC core plugin prior to version 5.5.0 and 4.4.0.14 (4.4 branch) in the Neo4j graph database. XML External Entity (XXE) inject...
Neo4j Awesome Procedures On Cyper
7.2
CVSSv2
CVE-2018-5282
Kentico 9.0 up to and including 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, read...
Kentico Kentico Cms
1 EDB exploit
4.9
CVSSv2
CVE-2012-3488
The libxslt support in contrib/xml2 in PostgreSQL 8.3 prior to 8.3.20, 8.4 prior to 8.4.13, 9.0 prior to 9.0.9, and 9.1 prior to 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or tri...
Postgresql Postgresql 9.1.2
Postgresql Postgresql 9.1.3
Postgresql Postgresql 9.1.4
Postgresql Postgresql 9.1
Postgresql Postgresql 9.1.1
Postgresql Postgresql 8.4.12
Postgresql Postgresql 8.4.6
Postgresql Postgresql 8.4.10
Postgresql Postgresql 8.4.3
Postgresql Postgresql 8.4.4
Postgresql Postgresql 8.4.7
Postgresql Postgresql 8.4.5
Postgresql Postgresql 8.4.1
Postgresql Postgresql 8.4.11
Postgresql Postgresql 8.4
Postgresql Postgresql 8.4.2
Postgresql Postgresql 8.4.8
Postgresql Postgresql 8.4.9
Postgresql Postgresql 8.3.18
Postgresql Postgresql 8.3.13
Postgresql Postgresql 8.3.2
Postgresql Postgresql 8.3.1
4
CVSSv2
CVE-2013-5433
The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 up to and including 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document.
Ibm Infosphere Optim Data Growth Solution For Siebel Crm 3.2.1
Ibm Infosphere Optim Data Growth Solution For Siebel Crm 3.2.2
Ibm Infosphere Optim Data Growth Solution For Siebel Crm 3.2
Ibm Infosphere Optim Data Growth Solution For Siebel Crm 3.2.3
Ibm Infosphere Optim Data Growth Solution For Siebel Crm 9.1
NA
CVE-2023-4037
Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local malicious user to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter.
Setelsa-security Conacwin 3.7.1.2
6.5
CVSSv2
CVE-2019-19292
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated r...
Siemens Sinvr 3 Video Server
Siemens Sinvr 3 Central Control Server
6.4
CVSSv2
CVE-2013-3221
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote malicious users to conduct dat...
Rubyonrails Rails 2.3.14
Rubyonrails Rails 2.3.13
Rubyonrails Rails 2.3.4
Rubyonrails Rails 2.3.12
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.3.9
Rubyonrails Rails 2.3.1
Rubyonrails Rails 2.3.16
Rubyonrails Rails 2.3.15
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.3.0
Rubyonrails Rails 2.3.2
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.4
5
CVSSv2
CVE-2004-2244
The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and previous versions, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote malicious users to cause a denial of service (CPU and memory consumptio...
Oracle Application Server 1.0.2.2.2
Oracle Application Server 9.0.3
Oracle Application Server 9.0.3.1
Oracle Oracle9i Standard 9.0.1.4
Oracle Oracle9i Standard 9.2.0.1
Oracle Oracle9i Enterprise 9.2.0.2
Oracle Oracle9i Personal 9.0.1.4
Oracle Oracle9i Enterprise 9.0.1.4
Oracle Oracle9i Enterprise 9.2.0.1
Oracle Oracle9i Standard 9.2.0.2
Oracle Application Server 1.0.2.2
Oracle Oracle9i Personal 9.2.0.1
Oracle Oracle9i Personal 9.2.0.2
9
CVSSv2
CVE-2019-13024
Centreon 18.x prior to 18.10.6, 19.x prior to 19.04.3, and Centreon web prior to 2.8.29 allows the malicious user to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert an arbitrary command int...
Centreon Centreon 19.04.0
1 EDB exploit
4 Github repositories
4
CVSSv2
CVE-2012-5614
Oracle MySQL 5.1.67 and previous versions and 5.5.29 and previous versions, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large nu...
Oracle Mysql
Mariadb Mariadb
Redhat Enterprise Linux Server Aus 6.4
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Eus 6.4
1 EDB exploit