A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to a targeted system that contain references within XML entities. An exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive inform…
GHSA-gm7g-6h7x-rpgr: A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (2022-05-24)
CVEList
Cisco Security Manager XML Entity Expansion Vulnerability (2019-06-20)
💥 Exploits & PoCs (6)
Exploit-DB
Linux Kernel 5.1.x - 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2) (2021-11-23)
Exploit-DB
Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation (2019-11-25)
Exploit-DB
Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation (2019-11-14)
Exploit-DB
Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass (2019-08-26)
Exploit-DB
Microsoft Windows 10 1903/1809 - RPCSS Activation Kernel Security Callback Privilege Escalation (2019-07-18)
📋 Vendor Advisories (2)
Citrix
CVE-2019-13608: Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks. (2019-08-29)
Cisco
Cisco Security Manager XML Entity Expansion Vulnerability (2019-06-19)
🕵️ Threat Intelligence (1)
Unit42
Threat Brief: Microsoft DNS Server Wormable Vulnerability CVE-2020-1350 (2020-07-21)
💬 Community (2)
Bugzilla
CVE-2019-17040 rsyslog: out-of-bounds read in contrib/pmdb2diag/pmdb2diag.c (2019-10-29)
Bugzilla
CVE-2019-13272 kernel: broken permission and object lifetime handling for PTRACE_TRACEME (2019-07-17)
CVE-2019-1903 (CRITICAL CVSS 9.1) | A vulnerability in Cisco Security M | cvebase.io