Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml database vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-24055
KeePass up to and including 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be...
Keepass Keepass
10 Github repositories
355
VMScore
CVE-2014-0894
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 up to and including 4.7.0 prior to 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent malicious users to discover database credentials by reading the DbUser and DbPass fields in an XML document.
Ibm Algorithmics -
Ibm Algo Credit Limits 4.5.0
Ibm Algo Credit Limits 4.7.0
1 EDB exploit
578
VMScore
CVE-2019-12831
In MyBB prior to 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by t...
Mybb Mybb
383
VMScore
CVE-2016-6607
XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; th...
Phpmyadmin Phpmyadmin 4.4.15.7
Phpmyadmin Phpmyadmin 4.4.0
Phpmyadmin Phpmyadmin 4.4.13.1
Phpmyadmin Phpmyadmin 4.4.14.1
Phpmyadmin Phpmyadmin 4.4.15.6
Phpmyadmin Phpmyadmin 4.4.2
Phpmyadmin Phpmyadmin 4.4.1
Phpmyadmin Phpmyadmin 4.4.1.1
Phpmyadmin Phpmyadmin 4.4.15
Phpmyadmin Phpmyadmin 4.4.15.1
Phpmyadmin Phpmyadmin 4.4.3
Phpmyadmin Phpmyadmin 4.4.4
Phpmyadmin Phpmyadmin 4.4.5
Phpmyadmin Phpmyadmin 4.4.10
Phpmyadmin Phpmyadmin 4.4.11
Phpmyadmin Phpmyadmin 4.4.15.2
Phpmyadmin Phpmyadmin 4.4.15.3
Phpmyadmin Phpmyadmin 4.4.6
Phpmyadmin Phpmyadmin 4.4.6.1
Phpmyadmin Phpmyadmin 4.4.12
Phpmyadmin Phpmyadmin 4.4.13
Phpmyadmin Phpmyadmin 4.4.15.4
NA
CVE-2022-4607
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The ...
Tum Ogc Web Feature Service
783
VMScore
CVE-2011-1036
The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server prior to 8.1.0.88, and the client prior to 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 201...
Ca Host-based Intrusion Prevention System 8.1
Ca Internet Security Suite 2010
Ca Internet Security Suite 2011
445
VMScore
CVE-2019-18337
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote a...
Siemens Sinvr 3 Video Server
Siemens Sinvr 3 Central Control Server
490
VMScore
CVE-2017-6698
A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote malicious user to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka...
Cisco Prime Infrastructure 2.0\\(4.0.45b\\)
Cisco Prime Infrastructure 3.1\\(1\\)
NA
CVE-2024-25129
The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process eith...
505
VMScore
CVE-2003-0231
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
Microsoft Sql Server 2000
Microsoft Data Engine 1.0
Microsoft Sql Server 7.0
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »