CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | OX App Suite 7.8.4 XSS / XML Injection / Information Disclosure | 02.07.2018 | Secator |
| High | Agorum Core Pro 7.8.1.4-251 XXE Injection | 14.04.2017 | Dr. Erlijn van Genucht... |
| High | USB Pratirodh XXE Injection | 17.03.2017 | Sachin Wagh |
| High | SAP NetWeaver 7.4 XXE Injection | 24.11.2015 | Roman Bezhan |
| High | Oracle E-Business Suite 12.1.3 XXE Injection | 30.10.2015 | erpscan |
| High | SAP Mobile Platform 3 XXE Injection | 10.09.2015 | Vahagn Vardanyan |
| High | Qlikview 11.20 SR4 Blind XXE Injection | 09.09.2015 | Alex Haynes |
| High | SAP NetWeaver Portal XMLValidationComponent XXE | 25.06.2015 | Vahagn Vardanyan |
| Med. | JobScheduler XML eXternal Entity Injection | 09.09.2014 | Christian Schneider |

CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2019-07-18 | Medium | CVE-2019-7847 | Vendor: Adobe; Software: Campaign | Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Successful exploitation could lead to Arbitrary read access to the file system in the context of the current user. |
| 2019-07-16 | High | CVE-2019-13625 | Vendor: NSA; Software: Ghidra | NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file. |
| 2019-07-11 | Medium | CVE-2018-17152 | Vendor: Intersystems; Software: Cache | Intersystems Cache 2017.2.2.865.0 allows XXE. |
| 2019-07-08 | Medium | CVE-2019-12924 | Updating... | MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was possible for an attacker to use a vulnerability in the configuration of the XML processor to read any file on the host system. Because all credentials were stored in a cleartext file, it was possible to steal all users' credentials (including the highest privileged users). |
| 2019-07-05 | Low | CVE-2019-13358 | Vendor: Opencats; Software: Opencats | lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format. |
| 2019-07-03 | Medium | CVE-2015-3907 | Vendor: Codeigniter-restserver project; Software: Codeigniter-... | CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks. |
| 2019-06-28 | Medium | CVE-2019-13031 | Vendor: Lemonldap-ng; Software: Lemonldap | LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule. |
| 2019-06-24 | High | CVE-2018-20843 | Vendor: Libexpat; Software: Expat | In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). |
| 2019-06-21 | Medium | CVE-2019-11392 | Vendor: Dotnetblogengine; Software: Blogengine.net | BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd. |
| | Medium | CVE-2019-10718 | Vendor: Dotnetblogengine; Software: Blogengine.net | BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs. |

 


Copyright 2019, cxsecurity.com

 
