Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xml database vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-6012
Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) up to and including 0.9.6 and bleeding-edge prior to 2015-01-08 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via the referrer parameter.
Refbase Refbase
NA
CVE-2015-6010
Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) up to and including 0.9.6 and bleeding-edge prior to 2015-01-08 allow remote malicious users to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.p...
Refbase Refbase
NA
CVE-2015-6008
install.php in Web Reference Database (aka refbase) up to and including 0.9.6 allows remote malicious users to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381.
Refbase Refbase
1 EDB exploit
NA
CVE-2015-6009
Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) up to and including 0.9.6 allow remote malicious users to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2...
Refbase Refbase
1 EDB exploit
5.5
CVSSv3
CVE-2020-27019
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an malicious user to access a specific database and key.
Trendmicro Interscan Messaging Security Virtual Appliance
4.3
CVSSv3
CVE-2021-31341
Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module (All versions prior to v7.0.1).
7.5
CVSSv3
CVE-2022-31447
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows malicious users to access sensitive database information via a crafted SVG file.
Magicpin Magicpin 3.4
6.5
CVSSv3
CVE-2012-3489
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 prior to 8.3.20, 8.4 prior to 8.4.13, 9.0 prior to 9.0.9, and 9.1 prior to 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obta...
Postgresql Postgresql
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.1
Apple Mac Os X Server 10.6.8
Apple Mac Os X Server
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 6.0
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Eus 6.3
NA
CVE-2000-0385
FileMaker Pro 5 Web Companion allows remote malicious users to bypass Field-Level database security restrictions via the XML publishing or email capabilities.
Filemaker Filemaker 5.0
7.5
CVSSv3
CVE-2018-2465
SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash.
Sap Hana 2.0
Sap Hana 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »