Published: 05/07/2019 Updated: 14/12/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

lib/DocumentToText.php in OpenCats prior to 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opencats opencats

securite_devoirs Devoir 1 - Sécurité Ce répertoire contient un rapport et des fichiers pour réaliser une expérimentation sur l'exploitation de la faille CVE-2021-3560 Cette faille permet à un utilisateur non privilégié d'obtenir un compte administrateur sur un système vulnérable comme Ubuntu 2014

TryHackMe-Empline Room Link tryhackmecom/room/empline Enumeration ⛩\> nmap -p- -sV -sC -v -oA enum --min-rate 4500 --max-rtt-timeout 1500ms --open 1010196182 Nmap scan report for 1010196182 Host is up (038s latency) Not shown: 65532 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 76p1 Ubuntu 4ubuntu03 (Ubuntu Linux; protoco

A collection of POCs that I have written.

Proof Of Concepts A collection of POCs that I have written Current POCs CVE-2019-13358 (OpenCATS < 094-3 - XML External Entity (XXE) Injection) Requests If there are any CVEs that are currently without a POC, let me know and I will see if I can make one in Python

CWE-611 http://www.opencats.org/news/https://github.com/opencats/OpenCATS/pull/440 https://doddsecurity.com/312/xml-external-entity-injection-xxe-in-opencats-applicant-tracking-system/http://packetstormsecurity.com/files/164253/OpenCats-0.9.4-2-XML-Injection.html https://nvd.nist.gov https://github.com/elouatih/securite_devoirs https://github.com/Jake-Ruston/Proof-Of-Concepts

CVE-2019-13358

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect