Trent Gordon

4 exploits Active since Sep 2017
EIP-2026-119674 EXPLOITDB text WORKING POC
ExpertGPS 6.38 - XML External Entity Injection
CVE-2017-8918 EXPLOITDB MEDIUM text WORKING POC
Blackwave Dive Assistant - Desktop Edition 8.0 - Info Disclosure
XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file.
CVSS 5.5
CVE-2017-9095 EXPLOITDB MEDIUM text WORKING POC
Diving Log 6.0 - Info Disclosure
XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import.
CVSS 5.5
CVE-2018-10832 EXPLOITDB MEDIUM text WORKING POC
Modbuspal - XXE
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will return the contents of any local files to a remote attacker.
CVSS 5.5