6 matches found
SUSE CVE-2021-4249
A vulnerability was found in xml-conduit. It has been classified as problematic. Affected is an unknown function of the file xml-conduit/src/Text/XML/Stream/Parse.hs of the component DOCTYPE Entity Expansion Handler. The manipulation leads to an infinite loop. It is possible to launch the attack...
PT-2022-11601
Name of the Vulnerable Software and Affected Versions: xml-conduit versions prior to 1.9.1.0. Description: A vulnerability was found in the DOCTYPE Entity Expansion Handler component of xml-conduit, affecting an unknown function of the file xml-conduit/src/Text/XML/Stream/Parse.hs. The manipulation...
CVE-2021-4249 xml-conduit DOCTYPE Entity Expansion Parse.hs infinite loop
A vulnerability was found in xml-conduit. It has been classified as problematic. Affected is an unknown function of the file xml-conduit/src/Text/XML/Stream/Parse.hs of the component DOCTYPE Entity Expansion Handler. The manipulation leads to an infinite loop. It is possible to launch the attack...
VulnCheck KEV: CVE-2015-1398
Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users to include and execute certain PHP files via (1) .. (dot dot) sequences in the PATHINFO to index.php or (2) vectors involving a block value...
VulnCheck KEV: CVE-2015-1399
PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary PHP code via a URL in unspecified vectors involving the...
CVE-2015-3458
CVE-2015-3458 affects Magento CE 1.9.1.0 and EE 1.14.1.0. The fetchView function in Mage_Core_Block_Template_Zend does not restrict the stream wrapper in a template path, enabling remote administrators to include and execute arbitrary PHP files via the phar:// stream wrapper, related to the setSc...