#xxe — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #xxe, aggregated by home.social.
-
https://www.europesays.com/fr/607903/ "We are still under renovation": his 20th-century château, a bourgeois house with 12 bedrooms in the heart of Picardy #12 #au #avec #bâtisse #bourgeoise #chambres #chateau #Cœur #DE #Divertissement #du #En #Entertainment #FR #France #francky #l'a #Nous #people #Picardie #siècle #sommes #son #toujours #Travaux #une #Vincent #xxe
-
Security issues with electronic invoices
https://invoice.secvuln.info/
#ycombinator #xxe #xml #einvoice #en16931 #xslt #xslt20 #java #saxon
-
A fundraising appeal launched to restore the piano of a 20th-century French composer
The biographers of Samson François, a French pianist and composer specializing in the Romantic repertoire, have launched a fundraising appeal to…
#Rennes #FR #France #Actu #News #Europe #EU #actu #Actualités #bretagne #compositeur #europe #français #lancée #piano #Républiquefrançaise #restaurer #siècle #souscription #xxe
https://www.europesays.com/fr/455332/
-
https://www.europesays.com/fr/455332/ A fundraising appeal launched to restore the piano of a 20th-century French composer #actu #Actualités #bretagne #compositeur #EU #europe #FR #français #France #lancée #News #piano #Rennes #RépubliqueFrançaise #restaurer #siècle #souscription #xxe
-
Very well written breakdown of the discovery and patching of xxe and ../ in Xerox FreeFlow.
https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/
-
XXE vulnerabilities in the context of Java
In this article, we will look at the XXE security defect in the context of Java. We will talk about its causes and possible consequences, look at examples and, of course, discuss ways to protect against it.
https://habr.com/ru/companies/axiomjdk/articles/934388/
#XXE #Java #XML #security #информационная_безопасность #axiomjdk #axiom_jdk #openjdk #libercat
-
Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis:
#cybersecurity #xxe #infosec #cve #vulnerability #threathunting #exploitation
-
License Plate Detector by Darkart (every camera you drive by surveillance) This program is intended solely for ethical and educational purposes. #anon #anonymous #graphicdesign #programing #coding #engineers #tech #technology #hacker #hacking #python #linux #c #rust #HCI #XXE #sql #security #news
-
Dont Stop Believing Anonymous youtu.be/9HK-MLamafs?... #anon #anonymous #graphicdesign #programing #coding #engineers #nerds #tech #technology #hacker #hacking #python #linux #c #rust #binary #HCI #XXE #sql #security
-
THIS ISNT EVEN MY FINAL FORM #defcon #anon #anonymous #graphicdesign #programing #coding #engineers #nerds #tech #technology #hacker #hacking #python #linux #c #rust #binary #HCI #XXE #sql #security
-
PAGE MASTER by DarkArt (webpage viewer bot) This program is intended solely for ethical and educational purposes. #anon #anonymous #graphicdesign #programing #coding #engineers #nerds #tech #technology #hacker #hacking #python #linux #c #rust #binary #HCI #XXE #sql #security
-
siren song by DarkArt (data to audio encryption) This program is intended solely for ethical and educational purposes. #anon #anonymous #graphicdesign #programing #coding #engineers #nerds #tech #technology #hacker #hacking #python #linux #c #rust #binary #HCI #XXE #sql #security
-
At the #international workshop: Antonin Dubois (Univ. Lorraine), Student internationalism in action? The American Cosmopolitan Clubs (1903–1914).
25 March | 15:00 | hybrid format
#CosmopolitanClubs #XXe #histoireétudiante #histodons @histodons
-
Chrono Vault (TIME CAPSULE ENCRYPTION) by DarkArt This program is intended solely for ethical and educational purposes. #anon #anonymous #graphicdesign #programing #coding #engineers #nerds #tech #technology #hacker #hacking #python #linux #c #rust #binary #HCI #XXE #sql #security
-
ZEROKOOL HACKER 1995 MOVIE #anon #anonymous #graphicdesign #programing #coding #engineers #nerds #tech #technology #hacker #hacking #python #linux #c #rust #binary #HCI #XXE #sql #security
-
Book of Secrets by DarkArt This program is intended solely for ethical and educational purposes. #anon #anonymous #graphicdesign #programing #coding #engineers #nerds #tech #technology #hacker #hacking #python #linux #c #rust #binary #HCI #XXE #sql #security
-
Arachne by DarkArt This program is intended solely for ethical and educational purposes. #anon #anonymous #graphicdesign #programing #coding #engineers #nerds #tech #technology #hacker #hacking #python #linux #c #rust #binary #HCI #XXE #sql
-
CVE-2024-40896 Analysis: libxml2 XXE due to type confusion
https://www.openwall.com/lists/oss-security/2024/12/25/2
#cve #linux #libxml2 #xxe #vulnerability #exploitation #bug #typeconfusion
-
🚨 New Perspective on #Magento #XXE Vulnerability! 🚨
Most write-ups cover the basic arbitrary file read vector. We’ve taken it further to demonstrate how CVE-2024-34102 can be chained to impersonate an admin user! 🔐
https://github.com/redwaysecurity/CVEs/tree/main/CVE-2024-34102
-
CVE-2024-30043: Abusing URL Parsing Confusion to #Exploit #XXE on #SharePoint Server and Cloud
-
Getting XXE in Web Browsers using ChatGPT - by Igor Sak-Sakovskiy
-
https://swarm.ptsecurity.com/xxe-chrome-safari-chatgpt/ < Using XLS’s document() function for loading remote XML documents to trigger XXE 🤔 #infosec #XXE
-
CVE-2024-23525 has been fixed in latest release of Spreadsheet::ParseXLSX
-
"XXE-scape through the front door: circumventing the firewall with HTTP request smuggling"
In this write-up, I explain all about how I bypassed a firewall stopping me from exploiting an XXE vulnerability. So if you think your firewall alone will keep the bad guys out, think again!
-
How can I manipulate certain server side responses? Specifically Ajax Responses? XXE Attack? Hybrid DNS Resolution?
https://security.stackexchange.com/questions/267058/how-can-i-manipulate-certain-server-side-responses-specifically-ajax-responses
#dnsspoofing #burpsuite #dnsmasq #csrf #xxe
-
"XXE-scape through the front door: circumventing the firewall with HTTP request smuggling"
Read my write-up about a pretty cool way in which I bypassed a firewall stopping me from exploiting an XXE vulnerability.
https://honoki.net/2020/03/18/xxe-scape-through-the-front-door-circumventing-the-firewall-with-http-request-smuggling/ #bugbounty #writeup #xxe #crosspost
-
If you haven't heard about local DTDs in XXE yet, check it out here: https://github.com/GoSecure/dtd-finder/blob/698fd678f26395e1c7c097525f7182aecad0cd5f/list/xxe_payloads.md
Another cool trick with error-based XXE is to access a file starting with colon (:) to trigger a "no protocol" error.