Exploitdb Exploits

24 exploits tracked across all sources.

Sort: Newest Stars
EIP-2026-107727 EXPLOITDB xml
ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting (XSS)
by Piyush Patil
CVE-2013-3617 EXPLOITDB xml VERIFIED
Openbravo Erp < 3.0 - Access Control
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue.
by Tod Beardsley
CVE-2013-4034 EXPLOITDB xml VERIFIED
IBM Cognos Business Intelligence - Access Control
IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by IBM
CVE-2012-1592 EXPLOITDB HIGH xml VERIFIED
Apache Struts < 2.5.22 - Unrestricted File Upload
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
by voidloafer
CVSS 8.8
CVE-2009-4171 EXPLOITDB xml VERIFIED
Yahoo! Messenger <9.0.0.2162 - DoS
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.
by HACKATTACK
CVE-2009-0162 EXPLOITDB xml VERIFIED
Safari <3.2.3-4 Public Beta - XSS
Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.
by Billy Rios
CVE-2009-1467 EXPLOITDB xml VERIFIED
Icewarp Email Server < 9.3.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php; or the (2) title, (3) link, or (4) description element in an RSS feed, related to the getHTML function in server/inc/rss/item.php.
by RedTeam Pentesting GmbH
EIP-2026-103977 EXPLOITDB xml VERIFIED
MagpieRSS 0.72 - CDATA HTML Injection
by system_meltdown
CVE-2008-4409 EXPLOITDB xml VERIFIED
Xmlsoft Libxml2 - Resource Management Error
libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.
by Christian Weiske
CVE-2008-4437 EXPLOITDB xml VERIFIED
Mozilla Bugzilla - Path Traversal
Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path is enabled, allows remote attackers to read arbitrary files via an XML file with a .. (dot dot) in the data element.
by ilja van sprundel
CVE-2007-5607 EXPLOITDB xml VERIFIED
HP Instant Support < 1.0.0.23 - Code Injection
Buffer overflow in the RegistryString function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5606.
by Dennis Rand
CVE-2007-5604 EXPLOITDB xml VERIFIED
HP Instant Support < 1.0.0.23 - Code Injection
Buffer overflow in the ExtractCab function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5605, CVE-2007-5606, and CVE-2007-5607.
by Dennis Rand
CVE-2007-5610 EXPLOITDB xml VERIFIED
HPISDataManager <1.0.0.24 - Path Traversal
The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to delete an arbitrary file via a full pathname in the argument.
by Dennis Rand
CVE-2008-0952 EXPLOITDB xml VERIFIED
HPISDataManagerLib.Datamgr <1.0.0.24 - RCE
The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.
by Dennis Rand
CVE-2008-0953 EXPLOITDB xml VERIFIED
HPISDataManagerLib.Datamgr <1.0.0.24 - RCE
The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.
by Dennis Rand
CVE-2007-2210 EXPLOITDB xml VERIFIED
Netsprint Ask IE Toolbar - Buffer Overflow
A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar 1.1 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long AddAllowed property value, related to "improper memory handling," possibly a buffer overflow.
by Michal Bucko
CVE-2007-1008 EXPLOITDB xml VERIFIED
Apple iTunes 7.0.2 - DoS
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
by poplix
EIP-2026-104620 EXPLOITDB xml VERIFIED
Parallels - Drag and Drop Hidden Share
by Rich Mogull
CVE-2007-0896 EXPLOITDB xml VERIFIED
Sage <1.3.10 - XSS
Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.
by Fukumori
CVE-2006-6919 EXPLOITDB xml VERIFIED
Firefox Sage <1.3.8 - XSS
Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script.
by pdp
EIP-2026-100082 EXPLOITDB xml VERIFIED
Microsoft ASP.NET 1.0/1.1 - RPC/Encoded Remote Denial of Service
by Bryan Sullivan
CVE-2005-1306 EXPLOITDB HIGH xml VERIFIED
Adobe Reader/Acrobat <7.0.1 - Info Disclosure
The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."
by Sverre H. Huseby
CVSS 7.5
EIP-2026-119172 EXPLOITDB xml VERIFIED
Sun J2EE/RI 1.4 / Sun JDK 1.4.2 - JDBC Database Insecure Default Policy
by Marc Schoenefeld
EIP-2026-104092 EXPLOITDB xml VERIFIED
Sun ONE Unified Development Server 5.0 - Recursive Document Type Definition
by Sun Microsystems
By Source
All 24 Exploitdb 50,196 Writeup 43,060 Nomisec 19,721 Metasploit 3,028 Github 2,086 Vulncheck_xdb 887 Inthewild 518 Gitlab 431 Gitee 415 Patchapalooza 312
By Language
text 31,307 ruby 5,759 python 5,758 c 3,536 perl 2,854 html 2,051 php 1,332 bash 459 java 359 javascript 255 c++ 242 shell 54 go 38 postscript 25 xml 24