Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml external entity vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-40507
LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote malicious users to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulne...
NA
CVE-2023-5136
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.
Ni Topografix Data Plugin 2023
Ni Diadem 2015
Ni Diadem 2014
Ni Diadem 2019
Ni Diadem 2018
Ni Diadem 2017
Ni Diadem 2020
Ni Diadem 2021
Ni Diadem 2022
Ni Diadem 2023
Ni Veristand 2017
Ni Veristand 2016
Ni Veristand 2014
Ni Veristand 2015
Ni Veristand 2013
Ni Veristand 2018
Ni Veristand 2019
Ni Veristand 2020
Ni Veristand 2021
Ni Veristand 2023
Ni Flexlogger 2021
Ni Flexlogger 2018
NA
CVE-2023-39472
Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote malicious users to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is requ...
785
VMScore
CVE-2014-0644
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote malicious users to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by...
Emc Cloud Tiering Appliance Software 10.0
Emc Cloud Tiering Appliance -
1 EDB exploit
405
VMScore
CVE-2014-7177
XML External Entity vulnerability in Enalean Tuleap 7.2 and previous versions allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.
Enalean Tuleap
1 EDB exploit
802
VMScore
CVE-2022-21949
A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote malicious users to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privil...
Opensuse Open Build Service
383
VMScore
CVE-2020-26981
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of special...
Siemens Jt2go
Siemens Teamcenter Visualization
195
VMScore
CVE-2017-7457
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.
Moxa Mx-aopc Server 1.5
1 EDB exploit
435
VMScore
CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor prior to 1.3.3 allows context-dependent malicious users to conduct XML External Entity (XXE) attacks via a crafted XML document.
Castor Project Castor
Castor Project Castor 1.3.1
Castor Project Castor 1.3
Opensuse Project Opensuse 12.3
Opensuse Opensuse 13.1
1 EDB exploit
785
VMScore
CVE-2019-10266
An issue exists in Ahsay Cloud Backup Suite prior to 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication.
Ahsay Cloud Backup Suite
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »