Showing 1 - 1 of 1

CVE-2015-3623

Status Candidate

Overview

XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx.

Related Files

Qlikview 11.20 SR4 Blind XXE Injection: Posted Sep 9, 2015; Authored by Alex Haynes; The Qlikview platform is vulnerable to XML External Entity (XXE) vulnerabilities. More specifically, the platform is susceptible to DTD parameter injections, which are also "blind" as the server feeds back no visual response. These vulnerabilities can be exploited to force Server Side Request Forgeries (SSRF)in multiple protocols, as well as reading and extracting arbitrary files on the server directly. Version 11.20 SR4 is vulnerable.; tags | exploit, arbitrary, vulnerability, protocol, xxe; advisories | CVE-2015-3623; SHA-256 | a5ff2a5356848862e8dae59e2e7566e7cec347863f2849477e43814c9500de31; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 297 files
Ubuntu 60 files
Gentoo 32 files
Debian 31 files
LiquidWorm 10 files
Apple 9 files
malvuln 6 files
Adam Gowdiak 4 files
nu11secur1ty 4 files
Ahmet Umit Bayram 4 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,619)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,770)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,499)
UNIX (9,401)
UnixWare (187)
Windows (6,659)
Other

CVE-2015-3623

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems