Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

xml external entity vulnerabilities and exploits

(subscribe to this query)

5
CVSSv2
CVE-2015-7081
iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue....
Apple Mac Os XApple Iphone Os
8.5
CVSSv2
CVE-2016-3039
IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity...
Ibm Traveler 8.5.3Ibm Traveler 9.0Ibm Traveler 9.0.1
4.3
CVSSv2
CVE-2013-3159
Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an...
Microsoft Excel 2003Microsoft Excel 2007Microsoft Excel 2010
5
CVSSv2
CVE-2015-0263
XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource....
Apache CamelApache Camel 2.14.0Apache Camel 2.14.1
5
CVSSv2
CVE-2017-15725
An XML External Entity Injection vulnerability exists in Dzone AnswerHub....
Devada Dzone Answerhub -
7.8
CVSSv2
CVE-2013-5490
Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148....
Cisco Prime Data Center Network Manager 5.2\\(2e\\)Cisco Prime Data Center Network Manager 6.1\\(1a\\)Cisco Prime Data Center Network ManagerCisco Prime Data Center Network Manager 4.1\\(2\\)Cisco Prime Data Center Network Manager 4.1\\(3\\)Cisco Prime Data Center Network Manager 4.1\\(4\\)Cisco Prime Data Center Network Manager 4.1\\(5\\)Cisco Prime Data Center Network Manager 4.2\\(1\\)Cisco Prime Data Center Network Manager 4.2\\(3\\)Cisco Prime Data Center Network Manager 5.0\\(2\\)Cisco Prime Data Center Network Manager 5.0\\(3\\)Cisco Prime Data Center Network Manager 5.1\\(1\\)Cisco Prime Data Center Network Manager 5.1\\(2\\)Cisco Prime Data Center Network Manager 5.1\\(3u\\)Cisco Prime Data Center Network Manager 5.2\\(2\\)Cisco Prime Data Center Network Manager 5.2\\(2a\\)Cisco Prime Data Center Network Manager 5.2\\(2b\\)Cisco Prime Data Center Network Manager 5.2\\(2c\\)Cisco Prime Data Center Network Manager 6.1\\(1b\\)
5
CVSSv2
CVE-2009-5135
The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue....
Nextapp Echo 2.0Nextapp Echo 2.0.1Nextapp Echo 2.1.0Nextapp EchoNextapp Echo 3.0
7.8
CVSSv2
CVE-2013-6948
The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue....
Belkin Wemo Home Automation Firmware 2769
5.8
CVSSv2
CVE-2014-5392
XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity...
Sos Jobscheduler 1.6.4014Sos Jobscheduler 1.6.4043Sos JobschedulerSos Jobscheduler 1.7.4177Sos Jobscheduler 1.7.4189
4
CVSSv2
CVE-2016-0288
IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML...
Ibm Security Appscan 8.7.0.0Ibm Security Appscan 8.7.0.1Ibm Security Appscan 8.8.0.0Ibm Security Appscan 9.0.0.0Ibm Security Appscan 9.0.0.1Ibm Security Appscan 9.0.1.0Ibm Security Appscan 9.0.1.1Ibm Security Appscan 9.0.2.0Ibm Security Appscan 9.0.2.1Ibm Security Appscan 9.0.3.0Ibm Security Appscan 9.0.3.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-1647CVE-2021-20491CVE-2021-28310CVE-2021-30487CVE-2021-21087XPath injectionbrute forceCVE-2020-7308remote attackers
Vulnerability Notification
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook