
XML Injection Files

SAP Business One For Android 1.2.3 XML Injection
Posted May 20, 2017
Authored by Ravindra Singh Rathore

SAP Business One for Android version 1.2.3 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2016-6256
MD5 | 6eda4cc5fc81e40ada5094b092feabec

Oracle PeopleSoft XML External Entity / SYSTEM Remote Code Execution
Posted May 18, 2017
Authored by Ambionics Security

Oracle PeopleSoft suffers from an XML external entity injection vulnerability that allows for SYSTEM remote code execution.

tags | exploit, remote, code execution, xxe
MD5 | 67484c782236fd795723abc09b4356d2

Ubuntu Security Notice USN-3281-1
Posted May 9, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3281-1 - Pierre Ernst discovered that Apache Fop incorrectly handled XML external entities. A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service.

tags | advisory, remote, denial of service, xxe
systems | linux, ubuntu
advisories | CVE-2017-5661
MD5 | 0d2e927f3393a3981e392b48e56cc28a

Ubuntu Security Notice USN-3280-1
Posted May 9, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3280-1 - Lars Krapf and Pierre Ernst discovered that Apache Batik incorrectly handled XML external entities. A remote attacker could possibly use this issue to obtain sensitive files from the filesystem, or cause a denial of service.

tags | advisory, remote, denial of service, xxe
systems | linux, ubuntu
advisories | CVE-2017-5662
MD5 | bd5dcca9613a7c7e028a7886dda6de7a

Oracle PeopleSoft HCM 9.2 XXE Injection
Posted Apr 20, 2017
Authored by Nadya Krivdyuk

Oracle PeopleSoft HCM version 9.2 on PeopleTools version 8.55 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2017-3548
MD5 | 2d8f4923676b948571c9249b362d7b59

Watchguard Firebox / XTM XXE Injection
Posted Apr 17, 2017
Authored by David Fernandez

Watchguard's Firebox and XTM appliances suffer from XML external entity injection and XML-RPC user enumeration vulnerabilities.

tags | exploit, vulnerability, xxe
MD5 | fc81bd26428ae0fa35796c34f171c13a

Agorum Core Pro 7.8.1.4-251 XXE Injection
Posted Apr 14, 2017
Authored by Dr. Erlijn van Genuchten, Sascha Grimmeisen

Agorum Core Pro version 7.8.1.4-251 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
MD5 | 7f02871bf8fe8ca3c0b711ce4d2066f8

Adobe XML Injection File Content Disclosure
Posted Apr 11, 2017
Authored by Thomas Sluyter

Multiple Adobe products suffer from an XML injection file content disclosure vulnerability.

tags | exploit, xxe
advisories | CVE-2009-3960
MD5 | b95afbac6fbfe74f21407e5416b8c892

Moxa MX-AOPC UA Server 1.5 XML Injection
Posted Apr 10, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Moxa MX-AOPC UA server version 1.5 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2017-7457
MD5 | 55d6b8c4a9c9686a2c9d942fc05c6018

Apache Ignite 1.8 XXE Injection
Posted Apr 7, 2017
Authored by Pierre Ernst

Apache Ignite versions 1.0.0-RC3 through 1.8 suffer from an arbitrary file read that can be leveraged due to an XML external entity (XXE) vulnerability.

tags | advisory, arbitrary, xxe
advisories | CVE-2016-6805
MD5 | 5eec1b04829292f4ab3a52e46055fcc4

ManageEngine Applications Manager 12 / 13 XSS / SQL Injection / Code Execution
Posted Apr 4, 2017
Authored by Lukasz Juszczyk

ManageEngine Applications Manager versions 12 and 13 suffer from code execution, cross site scripting, XXE injection, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, code execution, xss, sql injection, xxe
advisories | CVE-2016-9488, CVE-2016-9489, CVE-2016-9490, CVE-2016-9491, CVE-2016-9498
MD5 | 3955f3dbd6d2315f052f3f25d5c3a78f

Trimble / Manhattan Software IWMS 9.x XXE Injection
Posted Apr 4, 2017
Authored by Patrick Webster

Trimble / Manhattan Software IWMS version 9.x suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
MD5 | 79d5a18add30ebddc512e1a4491ee38a

Windows DVD Maker 6.1.7 XXE Injection
Posted Mar 16, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Windows DVD Maker version 6.1.7 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
systems | windows
advisories | CVE-2017-0045
MD5 | 2633411dcb609dcaaf80a71090998e85

USB Pratirodh XXE Injection
Posted Mar 15, 2017
Authored by Sachin Wagh

USB Pratirodh suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2017-6895
MD5 | ebf302ff3956b3215e010fe652b006b1

Aruba AirWave 8.2.3 XXE Injection / Cross Site Scripting
Posted Mar 1, 2017
Authored by P. Morimoto | Site sec-consult.com

Aruba AirWave versions 8.2.3 and below suffer from XXE injection and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, xxe
advisories | CVE-2016-8526, CVE-2016-8527
MD5 | d5de488177bf0b6db37bc059fa431b58

Java / Python FTP URL Handling XXE / SSRF
Posted Feb 24, 2017
Authored by Timothy D. Morgan

Java and Python both have URL handling code that can be leveraged for XML external entity (XXE) injection and SSRF attacks.

tags | advisory, java, python, xxe
MD5 | b46f35be652c08f2529c29a9fccd6755

Cimetrics BACnet Explorer 4.0 XXE Injection
Posted Feb 13, 2017
Authored by LiquidWorm | Site zeroscience.mk

Cimetrics BACnet Explorer version 4.0 suffers from an XML eXternal Entity vulnerability that allows for remote retrieval of arbitrary data.

tags | exploit, remote, arbitrary, xxe
MD5 | 075e671e5eaca45529d2b443fa60dddc

Red Hat Security Advisory 2017-0248-01
Posted Feb 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0248-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.1 serves as a replacement for Red Hat JBoss BRMS 6.4.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, remote, xxe
systems | linux, redhat
advisories | CVE-2016-2175, CVE-2016-4434, CVE-2016-6344
MD5 | 186507bec9289d2bf9f91e8e1910a56e

Microsoft PowerShell XXE Injection
Posted Dec 6, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft PowerShell suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.

tags | exploit, xxe
MD5 | 06fe56f18d81ef806aed4773f1517228

Microsoft Authorization Manager 6.1.7601 XXE Injection
Posted Dec 5, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Authorization Manager version 6.1.7601 suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.

tags | exploit, xxe
MD5 | 982c09b54dae36f9b5ae432e6c1d0409

Microsoft Event Viewer 1.0 XXE Injection
Posted Dec 5, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Event Viewer version 1.0 suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.

tags | exploit, xxe
MD5 | c7a519a9ce4acb64b45e6199d6ff5ae3

Windows System Information 6.1.7601 XXE Injection
Posted Dec 5, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Windows System Information MSINFO32.exe version 6.1.7601 suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.

tags | exploit, xxe
systems | windows
MD5 | a3e8668872972b93951845a9522c667a

Microsoft Excel Starter 2010 XXE Injection
Posted Dec 4, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Excel Starter 2010 suffers from an XML eXternal Entity vulnerability that allows for remote file disclosure.

tags | exploit, remote, xxe
MD5 | 20178a697a7d8e0bdfa592af023e1815

Windows Media Center 6.1.7600 XXE Injection
Posted Dec 4, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Windows Media Center "ehshell.exe" is vulnerable to an XML External Entity attack allowing remote access to any files on a victim's computer, if they open an XXE laden ".mcl" file via a remote share / USB or from a malicious "windowsmediacenterweb" web link.

tags | exploit, remote, web, xxe
systems | windows
MD5 | c9be1776890abf5bb75684418ba687cc

Red Hat Security Advisory 2016-2823-01
Posted Nov 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2823-01 - This release of Red Hat JBoss BRMS 6.4.0 serves as a replacement for Red Hat JBoss BRMS 6.3.4, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: It was found that several XML parsers used by XStream had default settings that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, remote, xxe
systems | linux, redhat
advisories | CVE-2016-3674, CVE-2016-7041, CVE-2016-8608
MD5 | 94227be66643a4ce9aa75b2772e98354
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close