4 matches found
Adobe Substance 3D Stager 缓冲区错误漏洞
Adobe Substance 3D Stager is a virtual 3D studio from the American company Audobee Adobe. A heap buffer overflow vulnerability exists in Adobe Substance 3D Stager in versions 2.0.1 and earlier. The vulnerability stems from a failure to perform security checksums on parameters in a user's context,...
Schneider Electric U.motion Builder Information Disclosure Vulnerability (CNVD-2018-11390)
U.motion Builder is a builder product from Schneider Electric France. An information disclosure vulnerability exists in the Schneider Electric U.motion Builder that stems from improperly filtered validation of context parameter inputs in HTTP GET requests, which can be exploited by an attacker to...
JAX-RS: Information disclosure via XML eXternal Entity (XXE)
It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity XXE attacks on RESTEasy applications accepting XML input...
JAX-RS: Information disclosure via XML eXternal Entity (XXE)
It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity XXE attacks on RESTEasy applications accepting XML input...