CVE-2015-10029

CRITICAL Year: 2015
CVSS v3 Score
9.8
Critical
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-611
View all →

Vulnerability Description

A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The patch is identified as 4c9f2e028523ed705b555eca2c18c64e71f1a35d. It is recommended to upgrade the affected component. VDB-217630 is the identifier assigned to this vulnerability.

Related Vulnerabilities

CVE-2013-4334

CRITICAL
CVSS:9.8(Critical)

opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities

CWE-6112013

CVE-2014-0030

CRITICAL
CVSS:9.8(Critical)

The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.

CWE-6112014

CVE-2014-125087

CRITICAL
CVSS:9.8(Critical)

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference....

CWE-6112014

CVE-2014-2052

CRITICAL
CVSS:9.8(Critical)

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML Ex...

CWE-6112014

CVE-2014-3005

CRITICAL
CVSS:9.8(Critical)

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or poten...

CWE-6112014

CVE-2014-3244

CRITICAL
CVSS:9.8(Critical)

XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in a...

CWE-6112014