Search
Search Results (1249 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-2656 | 1 Talend | 1 Restlet | 2024-08-06 | 7.5 High |
| An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information. | ||||
| CVE-2012-2239 | 2 Debian, Mahara | 2 Debian Linux, Mahara | 2024-08-06 | 9.1 Critical |
| Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php. | ||||
| CVE-2012-1102 | 1 Xml\ | 1 \ | 2024-08-06 | 7.5 High |
| It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used. | ||||
| CVE-2012-0818 | 1 Redhat | 10 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 7 more | 2024-08-06 | N/A |
| RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack. | ||||
| CVE-2013-6440 | 3 Internet2, Redhat, Shibboleth | 10 Opensaml, Fuse Esb Enterprise, Fuse Management Console and 7 more | 2024-08-06 | N/A |
| The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration. | ||||
| CVE-2013-6447 | 1 Redhat | 1 Jboss Seam 2 Framework | 2024-08-06 | N/A |
| Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file. | ||||
| CVE-2013-4549 | 2 Digia, Qt | 2 Qt, Qt | 2024-08-06 | N/A |
| QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. | ||||
| CVE-2013-4334 | 1 Tejimaya | 1 Opwebapiplugin | 2024-08-06 | 9.8 Critical |
| opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities | ||||
| CVE-2013-4333 | 1 Tejimaya | 1 Openpne | 2024-08-06 | 9.1 Critical |
| OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability | ||||