CWE:
 

Topic
Date
Author
Med.
OX App Suite 7.8.4 XSS / XML Injection / Information Disclosure
02.07.2018
Secator
High
Agorum Core Pro 7.8.1.4-251 XXE Injection
14.04.2017
Dr. Erlijn van Genucht...
High
USB Pratirodh XXE Injection
17.03.2017
Sachin Wagh
High
SAP NetWeaver 7.4 XXE Injection
24.11.2015
Roman Bezhan
High
Oracle E-Business Suite 12.1.3 XXE Injection
30.10.2015
erpscan
High
SAP Mobile Platform 3 XXE Injection
10.09.2015
Vahagn Vardanyan
High
Qlikview 11.20 SR4 Blind XXE Injection
09.09.2015
Alex Haynes
High
SAP NetWeaver Portal XMLValidationComponent XXE
25.06.2015
Vahagn Vardanyan
Med.
JobScheduler XML eXternal Entity Injection
09.09.2014
Christian Schneider


CVEMAP Search Results

CVE
Details
Description
2018-10-26
Medium
CVE-2018-18659

Vendor: Arcserve
Software: UDP
 

 
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue.

 
2018-10-15
Medium
CVE-2018-1747

Vendor: IBM
Software: Security key...
 

 
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 148428.

 
2018-10-12
Medium
CVE-2018-1844

Vendor: IBM
Software: Filenet cont...
 

 
IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904.

 
2018-10-10
High
CVE-2018-8494

Vendor: Microsoft
Software: Windows 10
 

 
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

 
Low
CVE-2018-8527

Vendor: Microsoft
Software: Sql server m...
 

 
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533.

 
Low
CVE-2018-8532

Vendor: Microsoft
Software: Sql server m...
 

 
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8533.

 
Low
CVE-2018-8533

Vendor: Microsoft
Software: Sql server m...
 

 
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532.

 
2018-10-08
Low
CVE-2018-17889

Vendor: We-con
Software: Pi studio
 

 
In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior when parsing project files, the XMLParser that ships with Wecon PIStudio is vulnerable to a XML external entity injection attack, which may allow sensitive information disclosure.

 
2018-10-04
Medium
CVE-2018-12471

Updating...
 

 
A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.

 
2018-09-28
Medium
CVE-2018-1702

Vendor: IBM
Software: Platform sym...
 

 
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 146189.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top