Max CVSS 7.5 Min CVSS 2.1 Total Count36
IDCVSSSummaryLast (major) updatePublished
CVE-2018-13417 None
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from th
13-08-2018 - 13:29 13-08-2018 - 13:29
CVE-2018-13415 None
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the
13-08-2018 - 13:29 13-08-2018 - 13:29
CVE-2016-8527 4.3
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a log
07-08-2018 - 21:29 06-08-2018 - 16:29
CVE-2016-8526 None
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the c
07-08-2018 - 21:29 06-08-2018 - 16:29
CVE-2018-13416 None
In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files fro
04-08-2018 - 21:29 03-08-2018 - 13:29
CVE-2018-5756 4.0
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users
15-06-2018 - 21:29 15-06-2018 - 21:29
CVE-2018-5755 7.1
Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a fu
15-06-2018 - 21:29 15-06-2018 - 21:29
CVE-2018-5754 3.5
Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related t
15-06-2018 - 21:29 15-06-2018 - 21:29
CVE-2018-5753 4.0
The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal pa
15-06-2018 - 21:29 15-06-2018 - 21:29
CVE-2018-5752 6.5
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involvin
15-06-2018 - 21:29 15-06-2018 - 21:29
CVE-2018-5751 4.0
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via v
15-06-2018 - 21:29 15-06-2018 - 21:29
CVE-2017-17062 4.0
The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privile
15-06-2018 - 21:29 15-06-2018 - 21:29
CVE-2018-10079 2.1
Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml.
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-10078 3.5
Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description.
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-10077 4.0
XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data.
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-9115 5.0
Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently. e.g., information utilizing the NVG interface. An attacker can freeze the Situational Layer, which means that the Situational Picture is no longer updated. Unfortuna
04-04-2018 - 15:29 04-04-2018 - 15:29
CVE-2017-10309 6.8
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple prot
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-12629 7.5
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is N
14-10-2017 - 19:29 14-10-2017 - 19:29
CVE-2015-7241 7.5
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
06-09-2017 - 17:29 06-09-2017 - 17:29
CVE-2017-9979 4.3
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker
28-08-2017 - 15:29 28-08-2017 - 15:29
CVE-2017-9978 5.0
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on
28-08-2017 - 15:29 28-08-2017 - 15:29
CVE-2016-6256 6.8
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL
25-05-2017 - 21:29 25-05-2017 - 21:29
CVE-2017-7953 3.5
INFOR EAM V11.0 Build 201410 has XSS via comment fields.
16-05-2017 - 06:29 16-05-2017 - 06:29
CVE-2017-7952 6.5
INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.
16-05-2017 - 06:29 16-05-2017 - 06:29
CVE-2017-3548 6.4
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attac
04-05-2017 - 11:54 24-04-2017 - 15:59
CVE-2015-2125 4.0
Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.
30-12-2016 - 21:59 07-06-2015 - 14:59
CVE-2015-2841 5.0
Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types.
02-12-2016 - 22:06 03-04-2015 - 10:59
CVE-2015-2682 5.0
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.
02-12-2016 - 22:05 26-03-2015 - 10:59
CVE-2016-2388 5.0
The Universal Worklist Configuration in SAP NetWeaver 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
30-11-2016 - 22:09 16-02-2016 - 10:59
CVE-2016-2386 7.5
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.
30-11-2016 - 22:08 16-02-2016 - 10:59
CVE-2016-4469 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repository proxy connectors via the token parameter to
28-11-2016 - 15:18 28-07-2016 - 12:59
CVE-2016-3473 4.0
Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors.
28-11-2016 - 15:09 25-10-2016 - 10:29
CVE-2015-8399 4.0
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
14-04-2016 - 13:33 11-04-2016 - 17:59
CVE-2015-8398 4.3
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check.
13-04-2016 - 19:29 11-04-2016 - 17:59
CVE-2015-3623 6.4
XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx.
17-09-2015 - 14:43 16-09-2015 - 14:59
CVE-2009-3960 4.3
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain se
26-02-2010 - 02:09 15-02-2010 - 13:30
Back to Top Mark selected
Back to Top