CVE-2022-43689 Concrete CMS is vulnerable to XXE DNS requests that disclose IPs.
Requesting the MX hostname record for a subdomain leading to the server’s public IP address, for instance
www.example.com
results in the delivery
CVE-2022-45194 CBRN-Analysis before 22 allows XXE attacks, leading to NTLMv2-SSP hash disclosure.
CVE-2016-3626 An XXE attack can occur when parsing am mws XML document in CCM before 22 allows XXE attacks via am mws XML document, leading
CVE-2022-27233 - Understanding the XML Injection Flaw in Intel® Quartus Prime Programmer
> _On May 2022, Intel issued an advisory about CVE-2022-27233, detailing a critical XML injection vulnerability in the Quartus® Prime Programmer - a popular FPGA
CVE-2022-43120 An XSS vulnerability in Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML.
This issue is rated as critical due to the possibility of remote code execution and the fact that it can be exploited via a maliciously
CVE-2022-43570 - Exploiting Splunk Enterprise – How XXE Injection Lets Attackers Leak Data
Splunk Enterprise is one of the most popular platforms for searching, monitoring, and analyzing machine-generated big data. But sometimes, security vulnerabilities pop up even in
Episode
00:00:00
00:00:00