| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information. |
| An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system. |
| An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network. |
| In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit
document type definition (DTD) references to external entities.
This means that if a user chooses to use a malicious report definition XML file containing an external entity reference
to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.
|
| Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1. |
| Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2. |
| Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9. |
| A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.
|
| Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint. |
| One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a session timeout, click on the Help icon, observe that there is a browser window for the One Identity website, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM. |
| IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116.
|
| IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335. |
| External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git. |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1. |
| Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4. |
| In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
|
| Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11. |
| Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0. |
| Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5. |
