Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml external entity vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-0207
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server before 5.8 patch 9 could allow an unauthenticated, remote malicious user to gain read access to certain information in the affected system. The vulnerability is due to improper handling of X...
Cisco Secure Access Control Server Solution Engine 5.8\\(0.8\\)
5
CVSSv2
CVE-2012-4399
The Xml class in CakePHP 2.1.x prior to 2.1.5 and 2.2.x prior to 2.2.1 allows remote malicious users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
Cakefoundation Cakephp
1 EDB exploit
5.5
CVSSv2
CVE-2016-1358
Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) ...
Cisco Prime Infrastructure 3.0
Cisco Prime Infrastructure 2.2
Cisco Prime Infrastructure 3.1
NA
CVE-2023-32567
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236
Ivanti Avalanche
6.4
CVSSv2
CVE-2017-3548
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network acc...
Oracle Peoplesoft Enterprise Peopletools 8.55
Oracle Peoplesoft Enterprise Peopletools 8.54
2 EDB exploits
NA
CVE-2022-46300
Versions of VISAM VBASE Automation Base before 11.7.5 may disclose information if a valid user opens a specially crafted file.
Visam Vbase Automation Base
5
CVSSv2
CVE-2021-2401
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with netwo...
Oracle Bi Publisher 12.2.1.4.0
Oracle Bi Publisher 11.1.1.9.0
Oracle Bi Publisher 12.2.1.3.0
Oracle Bi Publisher 5.5.0.0.0
4
CVSSv2
CVE-2016-3473
Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors.
Oracle Business Intelligence Publisher 12.2.1.0.0
Oracle Business Intelligence Publisher 11.1.1.9.0
Oracle Business Intelligence Publisher 11.1.1.7.0
1 EDB exploit
4.3
CVSSv2
CVE-2016-6408
Cisco Prime Home 5.2.0 allows remote malicious users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814.
Cisco Prime Home 5.2.0
NA
CVE-2023-22274
Adobe RoboHelp Server versions 11.4 and previous versions are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require...
Adobe Robohelp Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »