Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

xml external entity vulnerabilities and exploits

(subscribe to this query)

6.4
CVSSv2
CVE-2013-6407
The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue....
Apache Solr 3.6.0Apache Solr 3.6.1Apache Solr 3.6.2Apache SolrApache Solr 4.0.0
5
CVSSv2
CVE-2014-4374
NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue....
Apple Mac Os XApple Iphone Os 7.0Apple Iphone Os 7.0.1Apple Iphone Os 7.0.2Apple Iphone Os 7.0.3Apple Iphone Os 7.0.4Apple Iphone Os 7.0.5Apple Iphone Os 7.0.6Apple Iphone Os 7.1Apple Iphone Os 7.1.1Apple Iphone Os
4.3
CVSSv2
CVE-2013-1881
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue....
Gnome Librsvg 1.0.0Gnome Librsvg 1.0.1Gnome Librsvg 1.0.2Gnome Librsvg 1.0.3Gnome Librsvg 1.1.1Gnome Librsvg 1.1.2Gnome Librsvg 1.1.3Gnome Librsvg 1.1.4Gnome Librsvg 1.1.5Gnome Librsvg 1.1.6Gnome Librsvg 2.0.0Gnome Librsvg 2.0.1Gnome Librsvg 2.1.0Gnome Librsvg 2.1.1Gnome Librsvg 2.1.2Gnome Librsvg 2.1.3Gnome Librsvg 2.1.4Gnome Librsvg 2.1.5Gnome Librsvg 2.2.0Gnome Librsvg 2.2.1Gnome Librsvg 2.2.2Gnome Librsvg 2.2.3Gnome Librsvg 2.2.4Gnome Librsvg 2.2.5Gnome Librsvg 2.3.0Gnome Librsvg 2.3.1Gnome Librsvg 2.11.0Gnome Librsvg 2.11.1Gnome Librsvg 2.12.0Gnome Librsvg 2.12.1Gnome Librsvg 2.12.2Gnome Librsvg 2.12.3Gnome Librsvg 2.12.4Gnome Librsvg 2.12.5Gnome Librsvg 2.12.6Gnome Librsvg 2.12.7Gnome Librsvg 2.13.0Gnome Librsvg 2.13.1Gnome Librsvg 2.13.2Gnome Librsvg 2.13.3Gnome Librsvg 2.13.4Gnome Librsvg 2.13.5Gnome Librsvg 2.13.90Gnome Librsvg 2.13.91Gnome Librsvg 2.13.92Gnome Librsvg 2.13.93Gnome Librsvg 2.14.0Gnome Librsvg 2.14.1Gnome Librsvg 2.14.2Gnome Librsvg 2.14.3Gnome Librsvg 2.14.4Gnome Librsvg 2.15.0Gnome Librsvg 2.15.90Gnome Librsvg 2.16.0Gnome Librsvg 2.16.1Gnome Librsvg 2.18.0Gnome Librsvg 2.18.1Gnome Librsvg 2.18.2Gnome Librsvg 2.20.0Gnome Librsvg 2.22.0Gnome Librsvg 2.22.1Gnome Librsvg 2.22.2Gnome Librsvg 2.22.3Gnome Librsvg 2.26.0Gnome Librsvg 2.26.1Gnome Librsvg 2.26.2Gnome Librsvg 2.26.3Gnome Librsvg 2.31.0Gnome Librsvg 2.32.0Gnome Librsvg 2.32.1Gnome Librsvg 2.34.0Gnome Librsvg 2.34.1Gnome Librsvg 2.34.2Gnome Librsvg 2.35.0Gnome Librsvg 2.35.1Gnome Librsvg 2.35.2Gnome Librsvg 2.36.0Gnome Librsvg 2.36.1Gnome Librsvg 2.36.2Gnome Librsvg 2.36.3Gnome Librsvg
5
CVSSv2
CVE-2014-6302
The Monitoring Administration pages in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue....
Pnmsoft Sequence Kinetics
4
CVSSv2
CVE-2016-2868
IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue....
Ibm Qradar Security Information And Event Manager
5
CVSSv2
CVE-2017-9233
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD....
Libexpat Project Libexpat
6.8
CVSSv2
CVE-2014-5035
The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue....
Opendaylight Opendaylight 1.0
4.3
CVSSv2
CVE-2013-2202
WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue....
Wordpress Wordpress 0.71Wordpress Wordpress 1.0Wordpress Wordpress 1.0.1Wordpress Wordpress 1.0.2Wordpress Wordpress 1.1.1Wordpress Wordpress 1.2Wordpress Wordpress 1.2.1Wordpress Wordpress 1.2.2Wordpress Wordpress 1.2.3Wordpress Wordpress 1.2.4Wordpress Wordpress 1.2.5Wordpress Wordpress 1.3Wordpress Wordpress 1.3.2Wordpress Wordpress 1.3.3Wordpress Wordpress 1.5Wordpress Wordpress 1.5.1Wordpress Wordpress 1.5.1.1Wordpress Wordpress 1.5.1.2Wordpress Wordpress 1.5.1.3Wordpress Wordpress 1.5.2Wordpress Wordpress 1.6.2Wordpress Wordpress 2.0Wordpress Wordpress 2.0.1Wordpress Wordpress 2.0.2Wordpress Wordpress 2.0.4Wordpress Wordpress 2.0.5Wordpress Wordpress 2.0.6Wordpress Wordpress 2.0.7Wordpress Wordpress 2.0.8Wordpress Wordpress 2.0.9Wordpress Wordpress 2.0.10Wordpress Wordpress 2.0.11Wordpress Wordpress 2.1Wordpress Wordpress 2.1.1Wordpress Wordpress 2.1.2Wordpress Wordpress 2.1.3Wordpress Wordpress 2.2Wordpress Wordpress 2.2.1Wordpress Wordpress 2.2.2Wordpress Wordpress 2.2.3Wordpress Wordpress 2.3Wordpress Wordpress 2.3.1Wordpress Wordpress 2.3.2Wordpress Wordpress 2.3.3Wordpress Wordpress 2.5Wordpress Wordpress 2.5.1Wordpress Wordpress 2.6Wordpress Wordpress 2.6.1Wordpress Wordpress 2.6.2Wordpress Wordpress 2.6.3Wordpress Wordpress 2.6.5Wordpress Wordpress 2.7Wordpress Wordpress 2.7.1Wordpress Wordpress 2.8Wordpress Wordpress 2.8.1Wordpress Wordpress 2.8.2Wordpress Wordpress 2.8.3Wordpress Wordpress 2.8.4Wordpress Wordpress 2.8.5Wordpress Wordpress 2.8.5.1Wordpress Wordpress 2.8.5.2Wordpress Wordpress 2.8.6Wordpress Wordpress 2.9Wordpress Wordpress 2.9.1Wordpress Wordpress 2.9.1.1Wordpress Wordpress 2.9.2Wordpress Wordpress 3.3Wordpress Wordpress 3.3.1Wordpress Wordpress 3.3.2Wordpress Wordpress 3.3.3Wordpress Wordpress 3.4.0Wordpress Wordpress 3.4.1Wordpress Wordpress 3.4.2Wordpress Wordpress 3.5.0Wordpress Wordpress
5
CVSSv2
CVE-2014-3066
IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue....
Ibm Tivoli Endpoint Manager 9.1
4.3
CVSSv2
CVE-2016-1789
Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue....
Apple Ibooks Author
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-1647CVE-2021-20491CVE-2021-28310CVE-2021-30487CVE-2021-21087XPath injectionbrute forceCVE-2020-7308remote attackers
Vulnerability Notification
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook