Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xpath injection vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-1740
SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote malicious users to execute arbitrary SQL commands via the lng parameter.
Freeguppy Guppy 4.5.18
1 EDB exploit
NA
CVE-2013-6735
IBM WebSphere Portal 6.0.0.x up to and including 6.0.0.1, 6.0.1.x up to and including 6.0.1.7, 6.1.0.x up to and including 6.1.0.6 CF27, 6.1.5.x up to and including 6.1.5.3 CF27, 7.0.0.x up to and including 7.0.0.2 CF26, and 8.0.0.x up to and including 8.0.0.1 CF08 allows remote ...
Ibm Websphere Portal 7.0.0.1
Ibm Websphere Portal 7.0.0.2
Ibm Websphere Portal 6.1.0.2
Ibm Websphere Portal 6.1.0.3
Ibm Websphere Portal 6.1.0.4
Ibm Websphere Portal 6.0.1.4
Ibm Websphere Portal 6.0.1.5
Ibm Websphere Portal 6.1.5.0
Ibm Websphere Portal 6.1.5.1
Ibm Websphere Portal 6.1.0.5
Ibm Websphere Portal 6.1.0.6
Ibm Websphere Portal 6.0.1.6
Ibm Websphere Portal 6.0.1.7
Ibm Websphere Portal 8.0.0.1
Ibm Websphere Portal 6.1.5.2
Ibm Websphere Portal 6.1.5.3
Ibm Websphere Portal 6.0.1.0
Ibm Websphere Portal 6.0.1.1
Ibm Websphere Portal 6.0.0.1
Ibm Websphere Portal 6.0.0.0
Ibm Websphere Portal 8.0.0.0
Ibm Websphere Portal 7.0.0.0
7.5
CVSSv3
CVE-2016-6272
XPath injection vulnerability in Epic MyChart allows remote malicious users to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but...
Epic Mychart -
1 EDB exploit
NA
CVE-2012-4840
IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote malicious users to conduct XPath injection attacks, and call XPath extension functions, via unspecified vectors.
Ibm Cognos Business Intelligence 8.4.1
Ibm Cognos Business Intelligence 10.1
Ibm Cognos Business Intelligence 10.1.1
Ibm Cognos Business Intelligence 10.2
9.8
CVSSv3
CVE-2015-20108
xml_security.rb in the ruby-saml gem prior to 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
Onelogin Ruby-saml
9.8
CVSSv3
CVE-2013-7287
MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.
Mobileiron Sentry
Mobileiron Virtual Smartphone Platform
7.5
CVSSv3
CVE-2013-7286
MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm
Att Mobileiron Sentry
Att Mobileiron Virtual Smartphone Platform
6.5
CVSSv3
CVE-2019-0370
Due to missing input validation, SAP Financial Consolidation, prior to 10.0 and 10.1, enables an malicious user to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.
Sap Financial Consolidation 10.0
Sap Financial Consolidation 10.1
7.5
CVSSv3
CVE-2023-38207
Adobe Commerce versions 2.4.6-p1 (and previous versions), 2.4.5-p3 (and previous versions) and 2.4.4-p4 (and previous versions) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issu...
Adobe Commerce 2.4.4
Adobe Commerce 2.4.5
Adobe Commerce
Adobe Commerce 2.4.6
NA
CVE-2012-4837
IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors.
Ibm Cognos Business Intelligence 10.1
Ibm Cognos Business Intelligence 10.1.1
Ibm Cognos Business Intelligence 10.2
Ibm Cognos Business Intelligence 8.4.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »