xxe vulnerabilities and exploits

(subscribe to this query)

9.8

Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote)....

Netcad Keos 1.01 Github repository available

6.5

CVSSv3

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are...

Bmc Remedy Smart Reporting

9.8

CVSSv3

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection....

Yaws Yaws Debian Debian Linux 9.0 Debian Debian Linux 10.0 Canonical Ubuntu Linux 18.041 Github repository available

6.4

CVSSv3

Intersystems Cache 2017.2.2.865.0 allows XXE....

Intersystems Cache 2017.2.2.865.0 Intersystems Cache 2018.1.2

6.5

CVSSv3

Maltego before 4.2.12 allows XXE attacks....

Maltego Maltego3 Github repositories available

9.8

CVSSv3

XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE)...

Microfocus Project And Portfolio Management Center 9.32

NA

XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been...

Open-xchange Open-xchange Appsuite 7.2.0 Open-xchange Open-xchange Appsuite 7.0.2 Open-xchange Open-xchange Appsuite 7.2.2 Open-xchange Open-xchange Appsuite 7.2.1 Open-xchange Open-xchange Appsuite Open-xchange Open-xchange Appsuite 7.4.0 Open-xchange Open-xchange Appsuite 6.22.0 Open-xchange Open-xchange Appsuite 6.20.7 Open-xchange Open-xchange Appsuite 7.0.1 Open-xchange Open-xchange Appsuite 6.22.1

9.8

CVSSv3

jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE....

Pippo Pippo 1.11.0

9.8

CVSSv3

drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability....

Redhat Drools1 Github repository available

9.8

CVSSv3

opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities...

Tejimaya Opwebapiplugin 0.1.0 Tejimaya Opwebapiplugin 0.4.0 Tejimaya Opwebapiplugin 0.5.1

Get Started

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook