Trent Gordon

4 exploits, active since Sep 2017
EIP-2026-119674 EXPLOITDB text WORKING POC
ExpertGPS 6.38 - XML External Entity Injection
CVE-2017-8918 EXPLOITDB MEDIUM text WORKING POC
Blackwave Dive Assistant - Desktop Edition 8.0 - Info Disclosure
XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file.
CVSS 5.5
CVE-2017-9095 EXPLOITDB MEDIUM text WORKING POC
Diving Log < 6.0.9 - XML External Entity Injection via Subsurface Import
XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import.
CVSS 5.5
CVE-2018-10832 EXPLOITDB MEDIUM text WORKING POC
ModbusPal 1.6b - XML External Entity Injection via Crafted .xmpp or .xmpa Files
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files; both formats are XML-based and vulnerable to XXE injection. A crafted .xmpp or .xmpa file sent to a user will, when opened or imported in ModbusPal, return the contents of any local files to a remote attacker.
CVSS 5.5