what you don't know can hurt you
Showing 51 - 75 of 255 RSS Feed

XML Injection Files

Red Hat Security Advisory 2016-2822-01
Posted Nov 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2822-01 - This release of Red Hat JBoss BPM Suite 6.4.0 serves as a replacement for Red Hat JBoss BPM Suite 6.3.4, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: It was found that several XML parsers used by XStream had default settings that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, remote, xxe
systems | linux, redhat
advisories | CVE-2016-3674, CVE-2016-7041, CVE-2016-8608
MD5 | dee7c00f687aff53c5ce4a18baf8b732
Mobile Security Framework MobSF 0.9.3 Beta
Posted Nov 23, 2016
Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Clipboard Monitor for Android Dynamic Analysis. Windows APPX Static Analysis Support. Added Docker File. Added Support for Kali Linux. Various other additions and improvements.
tags | tool, web, vulnerability, fuzzer, xxe
systems | cisco, ios
MD5 | 0c1d2d101da02097ba466840e0148138
SAP NetWeaver AS JAVA 7.4 XXE Injection
Posted Nov 21, 2016
Authored by Vahagn Vardanyan

SAP NetWeaver AS JAVA version 7.4 suffers from an XML external entity (XXE) injection vulnerability.

tags | exploit, java, xxe
MD5 | d3bbd6087e44746fe007017f05500490
CS-Cart 4.3.10 Unauthenticated XXE Injection
Posted Nov 16, 2016
Authored by Ahmed Sultan

CS-Cart versions 4.3.10 and below suffer from an unauthenticated XML external entity (XXE) injection vulnerability.

tags | exploit, xxe
MD5 | 447b6e3834e4181c5d1a59af8d15434e
RSA Enterprise Compromise Assessment Tool (ECAT) 4.1.0.1 XXE Injection
Posted Oct 11, 2016
Authored by Samandeep Singh

RSA Enterprise Compromise Assessment Tool (ECAT) version 4.1.0.1 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
MD5 | da3bca0480d21ac0bbf423649b46a850
Adobe ColdFusion 11 XML External Entity Injection
Posted Sep 7, 2016
Authored by Dawid Golunski

Adobe ColdFusion versions 11 and below suffer from an XML external entity (XXE) injection vulnerability.

tags | exploit, xxe
advisories | CVE-2016-4264
MD5 | b03f3352a6a03d60f1977acc5f452637
WSO2 Identity Server 5.1.0 XML Injection
Posted Aug 13, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

WSO2 Identity Server version 5.1.0 suffers from cross site request forgery and XML external-entity injection vulnerabilities.

tags | exploit, vulnerability, csrf, xxe
advisories | CVE-2016-4311, CVE-2016-4312
MD5 | da3bbd1f34722ab8dc98fe47dbd5326a
Apache POI 3.5 XML Injection
Posted Jul 22, 2016
Authored by Mauro Gentile

Apache POI's XLSX2CSV example suffers from an XML external entity injection vulnerability. Versions 3.13 through 3.5 are affected.

tags | advisory, xxe
advisories | CVE-2016-5000
MD5 | ffbda140415d07d8fb94b9b5d2f4e402
Oracle Patches 27 Vulnerabilities
Posted Jul 20, 2016
Authored by David Litchfield

A total of 27 vulnerabilities have been patched by Oracle. These affect eBusiness Suite R12.x and 11.5, Apex, Primavera, OBIEE, and Agile DB components. These issues include SQL injection, cross site scripting, XXE injection, SSRF, failed access controls, and more.

tags | exploit, vulnerability, xss, sql injection, xxe
advisories | CVE-2016-3448, CVE-2016-3467
MD5 | ee51786f3fcbeed16c2224dbb1d9ae36
SAP NetWeaver AS JAVA 7.4 XXE Injection
Posted Jul 14, 2016
Authored by Vahagn Vardanyan

An attacker can trigger an XML Entity Expansion or XML External Entity Injection. This causes the entire machine to become unresponsive until the process is terminated manually. An attacker can use this flaw to perform a denial-of-service (DoS) attack. SAP NetWeaver AS JAVA version 7.4 is affected.

tags | exploit, java, xxe
advisories | CVE-2016-4014
MD5 | 1cb452375e157a2e473335a36c681d01
WSO2 SOA Enablement Server XML External Entity Injection
Posted Jul 13, 2016
Authored by Jakub Palaczynski, Pawel Gocyla

WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 suffers from an XML external entity injection vulnerability.

tags | exploit, java, xxe
MD5 | 3e5d3ae69a6baac7273853cae43b2c8a
CyberPower Systems PowerPanel 3.1.2 XXE Out-Of-Band Data Retrieval
Posted Jul 8, 2016
Authored by LiquidWorm | Site zeroscience.mk

CyberPower Systems PowerPanel version 3.1.2 suffers from an unauthenticated XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xmlservice servlet using the ppbe.xml script is not sanitized while parsing the xml inquiry payload returned by the JAXB element translation.

tags | exploit, arbitrary, xxe
MD5 | 0d32573cd1a4724e961e726d4112e4e1
Apple Safari 9.1.1 Local XXE Injection
Posted Jul 5, 2016
Authored by Filippo Cavallarin

Apple Safari version 9.1.1 for Mac OS X suffers from a local XXE vulnerability when processing specially crafted SVG images. This does not work with downloaded files.

tags | exploit, local, xxe
systems | apple, osx
MD5 | eca7235592ede1e4ce40d0d71bcb9cb9
Release Automation XSS / XXE Injection
Posted Jul 1, 2016
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA Release Automation. Three vulnerabilities exist that can allow a remote attacker to potentially gain sensitive information or cause a denial of service condition. CA has fixes available. The first vulnerability occurs due to the inclusion of a vulnerable 3rd party component, Open Flash Chart. A remote attacker can conduct cross-site scripting attacks The second vulnerability occurs due to insufficient verification of requests to the web server, which can lead to limited XML external entity attacks. An authenticated attacker in the local network can potentially gain sensitive information or cause a denial of service condition. The third vulnerability occurs due to insufficient verification of requests to the web interface, which leads to multiple reflected cross-site scripting vulnerabilities and one stored cross-site scripting vulnerability.

tags | advisory, remote, web, denial of service, local, vulnerability, xss, xxe
advisories | CVE-2015-7370, CVE-2015-8698, CVE-2015-8699
MD5 | f6d030c18747403480c3e9413f8b9f1a
Debian Security Advisory 3606-1
Posted Jun 25, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3606-1 - It was discovered that pdfbox, a PDF library for Java, was susceptible to XML External Entity attacks.

tags | advisory, java, xxe
systems | linux, debian
advisories | CVE-2016-2175
MD5 | d468888e4214b4d08b88d2bd653f1b4e
SugarCRM 6.5.18 SAML Authentication XML External Entity
Posted Jun 24, 2016
Authored by EgiX

SugarCRM versions 6.5.18 CE and below suffer from a SAML authentication XML external entity vulnerability.

tags | advisory, xxe
MD5 | c28483be9e51e708f3c48952da13852e
SAP NetWeaver AS JAVA 7.5 XXE Injection
Posted Jun 17, 2016
Authored by Vahagn Vardanyan

SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from an XML external entity injection vulnerability.

tags | exploit, java, xxe
advisories | CVE-2016-3974
MD5 | 027c5e27de4ac68aa0e914eebb31748f
Dell OpenManager Server 8.3 XXE Injection
Posted Jun 11, 2016
Authored by hantwister

Dell OpenManager Server Administrator version 8.3 XML external entity exploit. Dell has contacted Packet Storm and has provided the following additional information: The Dell OpenManage Server Administrator (OMSA) product Linux installations has basic dependencies on the open source library libxml2. Customers using OMSA should upgrade to the latest libxml2 version 2.9.x as per the prerequisites mentioned in the installation guide on page 14 available here: http://topics-cdn.dell.com/pdf/dell-openmanage-server-administrator-v8.3_Install Guide_en-us.pdf. In general, users should use the most up-to-date versions as part of prudent computing practices.

tags | exploit, xxe
MD5 | 175e933bb386916d2e3c26f8a65d7d65
Liferay 6.2.3 CE GA4 OpenID XXE Injection
Posted Jun 2, 2016
Authored by Sandro Gauci

Liferay supports OpenID login which was found to make use of a version of openid4java that is vulnerable to XML External Entity (XXE) attacks. Liferay versions 6.2.3 CE GA4 and earlier are affected.

tags | exploit, xxe
MD5 | c64fbdf39059b7fa5e18bcecae0f2125
Paessler PRTG Network Monitor 14.4.12.3282 XXE Injection
Posted May 31, 2016
Site redteam-pentesting.de

PRTG Network Monitor version 14.4.12.3282 suffers from an XML eXternal Entity expansion vulnerability.

tags | exploit, xxe
advisories | CVE-2015-7743
MD5 | e5f6ec186a8de5447c115e78b64400c0
Apache PDFBox 1.8.11 / 2.0.0 / XML Injection
Posted May 27, 2016
Authored by Mesut Timur, Arthur Khashaev, Seulgi Kim

Apache PDFBox versions 1.8.0 through 1.8.11 and 2.0.0 suffer from an XML external entity injection vulnerability.

tags | advisory, xxe
advisories | CVE-2016-2175
MD5 | 81953302389640242bde73ad8e3466d4
Apache Tika 1.12 XXE Injection
Posted May 27, 2016
Authored by Mesut Timur, Arthur Khashaev, Seulgi Kim

Apache Tika versions 0.10 through 1.12 suffer from an XXE injection vulnerability.

tags | advisory, xxe
advisories | CVE-2016-4434
MD5 | 59d2e2a74e6dcdddca72fe52de30aed2
AfterLogic WebMail Pro ASP.NET Account Takeover / XXE Injection
Posted May 24, 2016
Authored by Mehmet Ince, Halit Alptekin

AfterLogic WebMail Pro ASP.NET versions prior to 6.2.7 suffer from an administrator account takeover via an XXE injection vulnerability.

tags | exploit, asp, xxe
MD5 | 41cc07503156fc99994ba41aa68c9031
Debian Security Advisory 3575-1
Posted May 13, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3575-1 - It was discovered that XStream, a Java library to serialize objects to XML and back again, was susceptible to XML External Entity attacks.

tags | advisory, java, xxe
systems | linux, debian
advisories | CVE-2016-3674
MD5 | 90c4e634a558ec2c9ee2f9c2d41dc52b
Mobile Security Framework MobSF 0.9.2 Beta
Posted May 3, 2016
Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.

Changes: Drag and Drop support, allows upto 8 files in Web GUI. Added Google Enjarify. Added procyon decompiler. Various other additions and improvements.
tags | tool, web, vulnerability, fuzzer, xxe
systems | cisco, ios
MD5 | f3df40afd37a25833c3786065c2145fd
Page 3 of 11
Back12345Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    14 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close