Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml database vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2015-6012
Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) up to and including 0.9.6 and bleeding-edge prior to 2015-01-08 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via the referrer parameter.
Refbase Refbase
383
VMScore
CVE-2015-6010
Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) up to and including 0.9.6 and bleeding-edge prior to 2015-01-08 allow remote malicious users to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.p...
Refbase Refbase
755
VMScore
CVE-2015-6008
install.php in Web Reference Database (aka refbase) up to and including 0.9.6 allows remote malicious users to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381.
Refbase Refbase
1 EDB exploit
755
VMScore
CVE-2015-6009
Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) up to and including 0.9.6 allow remote malicious users to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2...
Refbase Refbase
1 EDB exploit
187
VMScore
CVE-2020-27019
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an malicious user to access a specific database and key.
Trendmicro Interscan Messaging Security Virtual Appliance
356
VMScore
CVE-2021-31341
Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module (All versions prior to v7.0.1).
445
VMScore
CVE-2022-31447
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows malicious users to access sensitive database information via a crafted SVG file.
Magicpin Magicpin 3.4
358
VMScore
CVE-2012-3489
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 prior to 8.3.20, 8.4 prior to 8.4.13, 9.0 prior to 9.0.9, and 9.1 prior to 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obta...
Postgresql Postgresql
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.1
Apple Mac Os X Server 10.6.8
Apple Mac Os X Server
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 6.0
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Eus 6.3
445
VMScore
CVE-2000-0385
FileMaker Pro 5 Web Companion allows remote malicious users to bypass Field-Level database security restrictions via the XML publishing or email capabilities.
Filemaker Filemaker 5.0
445
VMScore
CVE-2018-2465
SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash.
Sap Hana 2.0
Sap Hana 1.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29758
CVE-2023-42931
unauthorized
CVE-2024-1540
unprivileged
CVE-2023-24955
CVE-2024-20259
logic flaw
CVE-2024-20333
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »