CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| High | Agorum Core Pro 7.8.1.4-251 XXE Injection | 14.04.2017 | Dr. Erlijn van Genucht... |
| High | USB Pratirodh XXE Injection | 17.03.2017 | Sachin Wagh |
| High | SAP NetWeaver 7.4 XXE Injection | 24.11.2015 | Roman Bezhan |
| High | Oracle E-Business Suite 12.1.3 XXE Injection | 30.10.2015 | erpscan |
| High | SAP Mobile Platform 3 XXE Injection | 10.09.2015 | Vahagn Vardanyan |
| High | Qlikview 11.20 SR4 Blind XXE Injection | 09.09.2015 | Alex Haynes |
| High | SAP NetWeaver Portal XMLValidationComponent XXE | 25.06.2015 | Vahagn Vardanyan |
| Med. | JobScheduler XML eXternal Entity Injection | 09.09.2014 | Christian Schneider |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2018-01-03 | Medium | CVE-2017-1000477 | Vendor: Xmlbundle project; Software: Xmlbundle | XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks. |
| | Medium | CVE-2017-1000498 | Vendor: Androidsvg project; Software: Androidsvg | AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution. |
| | Medium | CVE-2017-1000497 | Vendor: Pepperminty-wiki project; Software: Pepperminty-wiki | Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution. |
| | Medium | CVE-2017-1000496 | Vendor: Commsy; Software: Commsy | Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code. |
| 2017-12-29 | Medium | CVE-2014-3630 | Updating... | XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data. |
| 2017-12-15 | Medium | CVE-2017-14101 | Vendor: Changehealthcare; Software: Conserus ima... | A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable service allows for arbitrary file read access to the local file system as well as the transmittal of the application service's account hashed credentials to a remote attacker. |
| 2017-12-01 | Medium | CVE-2017-11286 | Vendor: Adobe; Software: Coldfusion | Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. |
| 2017-11-30 | Medium | CVE-2017-14868 | Vendor: Restlet; Software: Restlet | Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension. |
| | Medium | CVE-2017-14949 | Vendor: Restlet; Software: Restlet | Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentation, SaxRepresentation, and JacksonRepresentation. |
| 2017-11-17 | Medium | CVE-2017-1000190 | Vendor: Simplexml project; Software: Simplexml | SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on. |

 

 


Copyright 2018, cxsecurity.com

 
