Showing 76 - 100 of 255

XML Injection Files

Ubiquiti Networks XXE Injection
Posted Apr 25, 2016
Authored by Hadji Samir, Vulnerability Laboratory | Site vulnerability-lab.com

The Ubiquiti Networks web application suffered from an XXE injection vulnerability.

tags | exploit, web, xxe
SHA-256 | d645f5c22a117c00797ef6ddd30973f63867c5fa0aab82f98789a422cbf5aa34
Mobile Security Framework MobSF 0.9.1
Posted Mar 16, 2016
Authored by Ajin Abraham | Site github.com

Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS applications and supports both binaries (APK and IPA) and zipped source code. MobSF can also do Web API security testing with its API Fuzzer, which performs information gathering, analyzes security headers, and identifies mobile-API-specific vulnerabilities such as XXE, SSRF, path traversal, IDOR, and other logical issues related to session management and API rate limiting.

Changes: Improved and responsive UI. Dynamic SSL testing. Various other updates and improvements.
tags | tool, web, vulnerability, fuzzer, xxe
systems | cisco, ios
SHA-256 | 215db863dcdeca863fb174fd724d9d0cdd0c4653f30eb69dab71e49afcaeda6c
Hippo CMS 10.1 XML External Entity Information Disclosure
Posted Jan 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

Hippo CMS version 10.1 suffers from an XML External Entity information disclosure vulnerability.

tags | exploit, info disclosure, xxe
SHA-256 | c467cf5987ff04b0981c61e79fceeeafe5e7597ea26c5cfec1e21868b1dd6c71
Red Hat Security Advisory 2016-0041-01
Posted Jan 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0041-01 - Red Hat JBoss BRMS is a business-rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.1.5 serves as a replacement for Red Hat JBoss BRMS 6.1.2, and includes bug fixes and enhancements that are documented in the README.txt file included with the patch files. The following security issue is also fixed with this release: It was found that batik was vulnerable to XML External Entity attacks when parsing SVG files. A remote attacker able to send malicious SVG content to the affected server could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, remote, xxe
systems | linux, redhat
advisories | CVE-2015-0250
SHA-256 | ecf50ed6b27bd5cb65f243cf38a699b302292ed4b30ec06c24b2a7e8a36ce9ac
Red Hat Security Advisory 2016-0042-01
Posted Jan 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0042-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.1.5 serves as a replacement for Red Hat JBoss BPM Suite 6.1.2, and includes bug fixes and enhancements, which are documented in the README.txt file included with the patch files. The following security issue is also fixed with this release: It was found that batik was vulnerable to XML External Entity attacks when parsing SVG files. A remote attacker able to send malicious SVG content to the affected server could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, remote, xxe
systems | linux, redhat
advisories | CVE-2015-0250
SHA-256 | 44ac4683b3f4026f361e4266c427d6d4681a4e87c9c31c5b5815e0a422ee0fca
PyAMF 0.7.2 XXE Injection
Posted Dec 17, 2015
Authored by Nicolas Gregoire, Open Source CERT

PyAMF suffers from insufficient AMF input payload sanitization which results in the XML parser not preventing the processing of XML external entities (XXE). A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger denial of service (DoS) conditions or arbitrarily return the contents of files that are accessible with the running application privileges. Versions 0.7.2 and below are affected.

tags | advisory, denial of service, xxe
advisories | CVE-2015-8549
SHA-256 | 939e9f52f635c72d8bc7877b8213d3c23d28d84296a37c4314ff4368f14040f1
OpenMRS 2.3 (1.11.4) XXE Injection
Posted Dec 8, 2015
Authored by LiquidWorm | Site zeroscience.mk

OpenMRS version 2.3 (1.11.4) suffers from an XML external entity processing vulnerability. The vulnerability is caused due to an error when parsing XML entities within ZIP archives and can be exploited to e.g. disclose data from local resources or cause a DoS condition (billion laughs) via a specially crafted XML file including external entity references.

tags | exploit, local, xxe
SHA-256 | 070b2c30afd808c338b88609b0c09df9664f1cb7251179abf50e418c628aac90
Aethra SV2242E XXE Injection
Posted Dec 3, 2015
Authored by Ahmed Sultan

Aethra SV2242E suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
SHA-256 | f6e1dff459b1b34ead7aedcf8cec0f90b77dec9084aca725feca07e6529faf74
SAP Sybase Adaptive Server Enterprise XXE Injection
Posted Nov 25, 2015
Authored by Igor Bulatenko

SAP Sybase Adaptive Server Enterprise suffers from an XXE injection vulnerability.

tags | exploit, xxe
advisories | CVE-2013-6025, OSVDB-98655
SHA-256 | eefc985f29a3508ca13dea522b15ac3c29c4c59a97887c2cc3fc596ee310c5aa
SAP Mobile Platform 2.3 XXE Injection
Posted Nov 23, 2015
Authored by Vahagn Vardanyan

SAP Mobile Platform version 2.3 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2015-6664
SHA-256 | 763ac979871c176d5a9e6b1f185a1e6109b4d7b5f4517066de0a8a2a92f8f153
SAP NetWeaver 7.4 XXE Injection
Posted Nov 23, 2015
Authored by Roman Bezhan

SAP NetWeaver version 7.4 suffers from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2015-6662
SHA-256 | b5a92464ff47c770ab76479c835e0239d3e5db4770ef988ae3b50741e8e7356c
Google AdWords API PHP Client Library 6.2.0 XXE Injection
Posted Nov 9, 2015
Authored by Dawid Golunski

Google AdWords API PHP client library versions 6.2.0 and below suffer from an XML eXternal Entity injection vulnerability.

tags | exploit, php, xxe
SHA-256 | 6c9916344ebaa174cf5f48cf521868ab0c1c4407426a74e9439a33f3fc409164
Milton Webdav 2.7.0.1 XXE Injection
Posted Nov 2, 2015
Authored by Mikhail Egorov

Milton Webdav version 2.7.0.1 suffers from an XXE injection vulnerability.

tags | exploit, xxe
advisories | CVE-2015-7326
SHA-256 | 46b29fcbd281a787022982aa5892c003ff7312833ef3f70e1d8febb584ffcc1a
eBay Magento XXE Injection
Posted Oct 30, 2015
Authored by Dawid Golunski

eBay Magento CE versions 1.9.2.1 and below and eBay Magento EE versions 1.14.2.1 and below suffer from an XXE injection vulnerability.

tags | exploit, xxe
SHA-256 | 08393363d6670e33368d62daac52944168d2958ae3fd00c5baedaa4999a731b3
Oracle E-Business Suite 12.1.3 XXE Injection
Posted Oct 29, 2015
Authored by Alexey Tyurin, Ivan Chalykin, Nikita Kelesis

Oracle E-Business Suite version 12.1.3 suffers from an XXE injection vulnerability in the /OA_HTML/oramipp_lpr servlet.

tags | advisory, xxe
advisories | CVE-2015-4851
SHA-256 | de8ff071f7c958b91bd1cfd996007fd7b0ecb3dec217f9ae5e66e3d96ad27826
Oracle E-Business Suite 12.1.3 XXE Injection
Posted Oct 29, 2015
Authored by Alexey Tyurin, Ivan Chalykin, Nikita Kelesis

Oracle E-Business Suite version 12.1.3 suffers from an XXE injection vulnerability in the /OA_HTML/IspPunchInServlet servlet.

tags | advisory, xxe
advisories | CVE-2015-4849
SHA-256 | 6fb7e76643fd36ba0f6358346bf6ca64dbdedb6d5bcb98f6fd505aead1f86292
Oracle E-Business Suite 12.1.3 XXE Injection
Posted Oct 29, 2015
Authored by Alexey Tyurin, Ivan Chalykin, Nikita Kelesis

Oracle E-Business Suite version 12.1.3 suffers from an XXE injection vulnerability in the /OA_HTML/copxml servlet.

tags | advisory, xxe
advisories | CVE-2015-4886
SHA-256 | 64f773023ff0e889e6870ab0b5f1dc0367b44615f3ae94952e1f839c93009706
Bosch Security Systems Dinion NBN-498 XML Injection
Posted Oct 2, 2015
Authored by neom22

The Bosch Security Systems Dinion NBN-498 web interface suffers from an XML injection vulnerability.

tags | exploit, web, xxe
advisories | CVE-2015-6970
SHA-256 | a12d29591883d284d568f0ad1d6260eb088acdb48fe2604e353eb253983126e0
SAP Netweaver XML External Entity Injection
Posted Sep 21, 2015
Authored by Lukasz Miedzinski

SAP Netweaver versions prior to 7.01 suffer from an XXE injection vulnerability.

tags | exploit, xxe
advisories | CVE-2015-7241
SHA-256 | 987e7fdca3ec106a0a0d7d54210c112384477f102eb17692cff33e9a889a6a56
SAP Mobile Platform 3 XXE Injection
Posted Sep 10, 2015
Authored by Vahagn Vardanyan

SAP NetWeaver AS Java version 7.4 suffers from multiple XXE vulnerabilities. An attacker can read an arbitrary file on the server by sending a well-formed XML request with a crafted DTD and reading the response from the service. An attacker can also perform a DoS attack (for example, XML entity expansion). An SMB relay attack is a type of man-in-the-middle attack in which the attacker causes the victim to authenticate to a machine controlled by the attacker, then relays the credentials to the target; the attacker forwards the authentication information in both directions and gains access.

tags | exploit, java, arbitrary, vulnerability, xxe
advisories | CVE-2015-5068
SHA-256 | 02e1d0a4e09aea20fa9d257a9bab83f794b1d6fbe455cfe78e609b89f08f57bd
Qlikview 11.20 SR4 Blind XXE Injection
Posted Sep 9, 2015
Authored by Alex Haynes

The Qlikview platform is vulnerable to XML External Entity (XXE) vulnerabilities. More specifically, the platform is susceptible to DTD parameter entity injections, which are also "blind" because the server returns no visible response. These vulnerabilities can be exploited to force Server Side Request Forgery (SSRF) over multiple protocols, as well as to read and extract arbitrary files from the server directly. Version 11.20 SR4 is vulnerable.

tags | exploit, arbitrary, vulnerability, protocol, xxe
advisories | CVE-2015-3623
SHA-256 | a5ff2a5356848862e8dae59e2e7566e7cec347863f2849477e43814c9500de31
EMC Atmos 2.3.0 XML External Entity Injection
Posted Sep 2, 2015
Site emc.com

EMC Atmos is affected by an XML eXternal Entity (XXE) injection vulnerability due to the configuration of the XML parser shipped with the product. An XXE injection attack may occur when XML input containing a reference to an external entity is processed by an affected XML parser. XXE injection might allow attackers to gain unauthorized access to files containing sensitive information or might be used to cause denial of service.

tags | advisory, denial of service, xxe
advisories | CVE-2015-4538
SHA-256 | 79c60afb2e7da3e86b0c5b23c6697b2aca1590bf50e05cab1ddeb39c9963b319
Debian Security Advisory 3340-1
Posted Aug 21, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3340-1 - Dawid Golunski discovered that when running under PHP-FPM in a threaded environment, Zend Framework, a PHP framework, did not properly handle XML data in multibyte encoding. This could be used by remote attackers to perform an XML External Entity attack via crafted XML data.

tags | advisory, remote, php, xxe
systems | linux, debian
advisories | CVE-2015-5161
SHA-256 | 23d6416156f37ab76976ca96977e08ed7c0c6841cde302f768e47b512c50093f
SAP NetWeaver AS Java XXE Injection
Posted Aug 18, 2015
Authored by Vahagn Vardanyan

SAP NetWeaver AS Java version 7.4 suffers from an XXE injection vulnerability. Related CVE Number: CVE-2015-4091.

tags | advisory, java, xxe
SHA-256 | 6cfc59352a8bee96dd51e5b8172b86529f4d78b89fc4d04fbb33af78e0cd1d52
Zend Framework 2.4.2 / 1.12.13 XXE Injection
Posted Aug 13, 2015
Authored by Dawid Golunski

Zend Framework versions 2.4.2 and below and 1.12.13 and below suffer from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2015-5161
SHA-256 | cccb5dc964df6b506118b1a8ca7240bbdddcf7b3aded48bd2c1c454e40f791da
© 2022 Packet Storm. All rights reserved.