The Dell EMC Common Object Manager (ECOM) component used in multiple Dell EMC products is affected by an XML External Entity (XXE) Injection vulnerability that may potentially be exploited by malicious users to compromise the affected system.
7dab4d7ace5e05c27d3d81c8b2326fc4
Debian Linux Security Advisory 4175-1 - Wojciech Regula discovered an XML External Entity vulnerability in the XML Parser of the mindmap loader in freeplane, a Java program for working with mind maps, resulting in potential information disclosure if a malicious mind map file is opened.
12a16510ecd8dd615bb9eb5718e58e42
Digital Guardian Management Console version 7.1.2.0015 suffers from an XML external entity injection vulnerability.
4580a4c26b72fed29c24bcb9499af56f
Geist WatchDog Console version 3.2.2 suffers from cross site scripting, XML external entity injection, and insecure file permission vulnerabilities.
4811ca31e7f5fe461ed4376e43851ecc
KYOCERA Multi-Set Template Editor version 3.4.0906 suffers from an out-of-band XML external entity injection vulnerability.
0c8850a036da5916bbb8e718eccc4d21
Microsoft Windows Remote Assistance suffers from an XML external entity injection vulnerability.
cb3025652af207020bf6755d7274530e
Micro Focus Security Bulletin MFSBGN03797 1 - A potential security vulnerability has been identified in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC). The vulnerability could be exploited to allow XML External Entity (XXE) injection. Revision 1 of this advisory.
62f460254f94edede800f1cd1ae2458b
Oracle Financial Services Analytical Applications versions 7.3.5.x and 8.0.x suffer from XML external entity injection and cross site scripting vulnerabilities.
03e038ba3c35a62362f8c4edf912224d
Red Hat Security Advisory 2017-3452-01 - Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform. Security Fix: It was discovered that Lucene's XML query parser did not properly restrict doctype declaration and expansion of external entities. An attacker with access to an application using a Lucene XML query parser could exploit this flaw to perform XML eXternal Entity attacks.
0cf279b0be3ca49556ec283b8a84e4b4
Red Hat Security Advisory 2017-3451-01 - Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform. Security Fix: It was discovered that Lucene's XML query parser did not properly restrict doctype declaration and expansion of external entities. An attacker with access to an application using a Lucene XML query parser could exploit this flaw to perform XML eXternal Entity attacks.
bc6baf9fcb7346cbdd4c4cfb54217a81
Diving Log version 6.0 suffers from an XML external entity injection vulnerability.
9d6c9f15cd8cdb7805839a5f1d6aa410
iText PDF Library versions 2.0.8, 5.5.11, and 7.0.2 suffer from an XML external entity injection vulnerability. The attack can be carried out by submitting a malicious PDF to an iText application that parses XML data. By placing malicious XXE payloads inside the XML data that resides in the PDF, an attacker can, for example, extract files or forge requests on the server.
b4f4f5142c0c778840b48038c076d309
Attackers who can send SOAP messages to a Ladon webservice via the HTTP interface of the Ladon webservice can exploit an XML external entity expansion vulnerability and read local files, forge server side requests or overload the service with exponentially growing memory payloads. Versions 0.9.40 and below are affected.
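The Ladon and iText entries above, and the Lucene advisories' note that the parser "did not properly restrict doctype declaration and expansion of external entities", describe the same mechanism: a DOCTYPE declares an entity whose SYSTEM identifier points at a local file, and a parser that resolves external general entities inlines that file into the document. The following is an added example, not code from any of the listed projects or advisories; it uses Python's standard-library SAX reader (expat) to show the vulnerable configuration beside two hardened ones. The "secret" file and the SOAP-style payload are constructed for the demonstration; `feature_external_ges` is the real `xml.sax` feature flag, and `reject_doctype` is an illustrative pre-parse check modelled on the Lucene fix, not anyone's shipped code.

```python
import os
import pathlib
import re
import tempfile
import xml.sax
from io import BytesIO
from xml.sax.handler import ContentHandler, feature_external_ges
from xml.sax.xmlreader import InputSource


class _TextCollector(ContentHandler):
    """Collects every character-data chunk so we can see what the parser expanded."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)

    def text(self):
        return "".join(self.chunks)


def parse_text(xml_bytes, resolve_external_entities):
    """Parse xml_bytes with the expat-backed SAX reader and return its text content.

    resolve_external_entities=True reproduces the vulnerable configuration:
    external general entities (SYSTEM "file:///...") are fetched and inlined.
    False (the default since Python 3.7.1) leaves such entities unexpanded.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = _TextCollector()
    parser.setContentHandler(handler)
    src = InputSource()
    src.setByteStream(BytesIO(xml_bytes))
    parser.parse(src)
    return handler.text()


_DOCTYPE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)


def reject_doctype(xml_bytes):
    """Hypothetical pre-parse check in the spirit of the Lucene fix: refuse any
    document carrying a DOCTYPE (and therefore any entity declaration) before
    it reaches the parser. Deliberately conservative: a DOCTYPE string inside
    a comment or CDATA section is rejected too."""
    if _DOCTYPE.search(xml_bytes):
        raise ValueError("DOCTYPE declarations are not allowed")
    return True


def build_xxe_payload(secret_path):
    """Constructed attacker document: a SOAP-style body whose entity resolves
    to a local file, the pattern described for the Ladon web service."""
    uri = pathlib.Path(secret_path).as_uri()  # file:///... on every platform
    return (
        b'<?xml version="1.0"?>\n'
        b'<!DOCTYPE r [<!ENTITY xxe SYSTEM "' + uri.encode() + b'">]>\n'
        b'<r><name>&xxe;</name></r>'
    )


def demo():
    """Write a constructed secret file, then parse the payload both ways.

    Returns (leaked_text, hardened_text, doctype_blocked): what the vulnerable
    parser exposed, what the hardened parser exposed, and whether the
    pre-parse check would have stopped the payload outright.
    """
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "passwd")
        with open(secret, "w") as f:
            f.write("root:x:0:0:root:/root:/bin/bash")  # constructed content
        payload = build_xxe_payload(secret)
        leaked = parse_text(payload, resolve_external_entities=True)
        hardened = parse_text(payload, resolve_external_entities=False)
        try:
            reject_doctype(payload)
            doctype_blocked = False
        except ValueError:
            doctype_blocked = True
    return leaked, hardened, doctype_blocked


if __name__ == "__main__":
    leaked, hardened, blocked = demo()
    print("vulnerable parser saw:", repr(leaked))
    print("hardened parser saw:  ", repr(hardened))
    print("doctype pre-check blocked payload:", blocked)
```

Two points worth keeping in mind when applying this to a real service. Disabling external general entities stops the file read and the SSRF, but not the internal-entity amplification ("billion laughs") the Ladon entry also mentions; rejecting the DOCTYPE outright, as the pre-check does, removes that vector as well, at the cost of refusing documents that legitimately carry a DTD. Libraries such as defusedxml package the same two controls for the other stdlib parsers.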
56720fcc2b7cc9bfd94f0fbaf6ff432d
Oracle Java SE installs a protocol handler in the registry at HKEY_CLASSES_ROOT\jnlp\Shell\Open\Command whose default value is "C:\Program Files\Java\jre1.8.0_131\bin\jp2launcher.exe" -securejws "%1". This can allow an attacker to launch remote JNLP files with little user interaction. A malicious JNLP file carrying a crafted XXE payload can be leveraged to disclose files, cause a denial of service, or trigger SSRF. Java SE 8u131 and below are affected.
1e5c74e4370cfb11bd675efce53eb688
Mura CMS versions prior to 6.2 suffer from server-side request forgery and XML external entity injection vulnerabilities.
082f770ed9b178ced262ba51f73e3f10
Microsoft Windows Game Definition File Editor (GDFMaker) version 6.3.9600.16384 suffers from an XML external entity injection vulnerability.
c7d0ae4a7bf14a2d1e2cae2ae115040a
Apache Solr version 7.0.1 suffers from XML external entity injection and remote code execution vulnerabilities.
c5a11c70eb9d20e9abf2fb6d5efc3959
Lansweeper version 6.0.100.29 suffers from an XML external entity injection vulnerability.
ac359c8576cebe46e9bfc2fd930fc500
OpenText Document Sciences xPression version 4.5SP1 Patch 13 suffers from an XML external entity injection vulnerability.
cc7bbb9dac8735511fb665bdf6292a89
OpenText Documentum Administrator version 7.2.0180.0055 and Documentum Webtop version 6.8.0160.0073 suffer from XML external entity injection vulnerabilities.
0cf5e2fc80eb45dd8b9bba4f36f8f1b5
IBM Infosphere Information Server / Datastage versions 9.1, 11.3, and 11.5 (including Cloud version 11.5) suffer from bypass, XML external entity injection, DLL side loading, and various other vulnerabilities.
df508740935e04a74179d3725b5fea36
OSCI-Transport library version 1.2 for German e-Government suffers from padding oracle, signature wrapping, and XML external entity injection vulnerabilities.
852b54bfa71394caa84d2551937c6f52
Cisco Prime Infrastructure versions 1.1 through 3.1.6 suffer from cross site scripting, XML external entity injection, file disclosure, and remote SQL injection vulnerabilities.
a015626c21297363f1b2f3b6319821c8
The playlist import feature of Subsonic version 6.1.1 is susceptible to an XML External Entity attack via import of a malicious .XSPF playlist file.
55908f5f3dbc9a08e404b4b34bfa1497
Trend Micro Deep Security version 6.5 suffers from XML external entity injection, local privilege escalation, and remote code execution vulnerabilities.
14d6ad8c29d1b68a5710f229a32f0da6