Total
1153 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17186 | 1 Apache | 1 Syncope | 2024-11-21 | N/A |
| An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution. | ||||
| CVE-2018-17169 | 1 Printeron | 1 Printeron | 2024-11-21 | N/A |
| An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | ||||
| CVE-2018-17152 | 1 Intersystems | 1 Cache | 2024-11-21 | N/A |
| Intersystems Cache 2017.2.2.865.0 allows XXE. | ||||
| CVE-2018-16792 | 1 Solarwinds | 1 Sftp\/scp Server | 2024-11-21 | 9.1 Critical |
| SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data. | ||||
| CVE-2018-16521 | 1 Openmrs | 2 Html Form Entry, Reference Application | 2024-11-21 | N/A |
| An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. | ||||
| CVE-2018-16252 | 1 Fspro | 1 Event Log Explorer | 2024-11-21 | N/A |
| FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection. | ||||
| CVE-2018-16166 | 1 Jpcert | 1 Logontracer | 2024-11-21 | N/A |
| LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | ||||
| CVE-2018-15805 | 1 Accusoft | 1 Prizmdoc | 2024-11-21 | N/A |
| Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption). | ||||
| CVE-2018-15531 | 1 Javamelody Project | 1 Javamelody | 2024-11-21 | N/A |
| JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. | ||||
| CVE-2018-15506 | 1 Bubblesoftapps | 1 Bubbleupnp | 2024-11-21 | N/A |
| In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running BubbleUPnP, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack the cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains. | ||||
| CVE-2018-15362 | 1 Ge | 1 Cimplicity | 2024-11-21 | N/A |
| XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 | ||||
| CVE-2018-14720 | 4 Debian, Fasterxml, Oracle and 1 more | 21 Debian Linux, Jackson-databind, Banking Platform and 18 more | 2024-11-21 | N/A |
| FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. | ||||
| CVE-2018-14485 | 1 Blogengine | 1 Blogengine.net | 2024-11-21 | N/A |
| BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd. | ||||
| CVE-2018-14473 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2024-11-21 | N/A |
| OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service. | ||||
| CVE-2018-14383 | 1 Ttpsc | 1 The Scheduler | 2024-11-21 | N/A |
| The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the versions 5.2.1 and 3.3.7 | ||||
| CVE-2018-14065 | 1 Phpoffice Project | 1 Common | 2024-11-21 | N/A |
| XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. | ||||
| CVE-2018-13826 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2024-11-21 | N/A |
| An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks. | ||||
| CVE-2018-13823 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2024-11-21 | N/A |
| An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. | ||||
| CVE-2018-13439 | 1 Tencent | 1 Wechat Pay | 2024-11-21 | N/A |
| WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a merchant notification URL. | ||||
| CVE-2018-13417 | 1 Vuze | 1 Bittorrent Client | 2024-11-21 | N/A |
| In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Vuze, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack to cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains. | ||||