CVE-2017-13706 - Lansweeper XML External Entity (XXE) Vulnerability - Mehmet Ince @mdisec - Vulnerability Researcher | Building security products | Security Advisor

Description

XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705.

Vulnerability Information

Product / Framework: Lansweeper
Vendor Domain: talosintelligence.com
Vulnerability Type: N/A
CVE Details: View Full CVE Details →

CVE-2017-13706 – Lansweeper XML External Entity (XXE) Vulnerability

Description

Vulnerability Information

You may also enjoy…

The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance

Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI-25-097, ZDI-25-096)

The Chessboard of Security: Insights on Product Development and Vulnerabilities from a Hacker Perspective

Digital Cosmos: A Journey Through the Galaxy of Vulnerabilities

CVE-2021-3825 | LiderAhenk 0day – All your PARDUS Clients Belongs To Me