192 matches found
PYSEC-2023-97
easy-parse v0.1.1 was discovered to contain a XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
PYSEC-2023-96
requests-xml v0.2.3 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
CVE-2020-26709
py-xml v1.0 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
Requests-XML 代码问题漏洞
Requests-XML is a library for parsing XML from the individual developers at erinxocon. A security vulnerability exists in requests-xml version v0.2.3, which stems from the inclusion of an XML External Entity Injection XXE vulnerability that allows an attacker to execute arbitrary code via a craft...
CVE-2020-26709
py-xml v1.0 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
CVE-2020-26708
requests-xml v0.2.3 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
CVE-2023-33693
A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service DoS via a crafted XML file...
CVE-2023-33693
A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service DoS via a crafted XML file...
Buffer overflow
A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service DoS via a crafted XML file...
CVE-2023-33693
CVE-2023-33693 affects EasyPlayerPro-Win, versions 3.2.19.0106 through 3.6.19.0823. A buffer overflow in processing a crafted XML file leads to Denial of Service (DoS). CVSS data indicates a local attack vector with user interaction required; impact on availability is high. Connected sources corr...
CVE-2023-33693
A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service DoS via a crafted XML file...
CBL Mariner 2.0 Security Update: libxslt / libxml2 (CVE-2022-29824)
The version of libxslt / libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-29824 advisory. - In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer...
XML External Entity (XXE)
urule is vulnerable to XML External Entities XXE. A remote attacker is able to execute arbitrary code by uploading a crafted XML file to /urule/common/saveFile...
CVE-2023-24189
An XML External Entity XXE vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile...
CVE-2023-24189
An XML External Entity XXE vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile...
CVE-2023-24189
Summary (CVE-2023-24189) : An XML External Entity (XXE) vulnerability in urule v2.1.7 allows remote code execution by uploading a crafted XML file to the API endpoint /urule/common/saveFile. This affects urule’s XML handling and is deemed CRITICAL (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; b...
CVE-2023-24187
An XML External Entity XXE vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile...
CVE-2023-24187
An XML External Entity XXE vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile...
Cross-site Scripting (XSS)
feehi/feehicms is vulnerable to cross site scripting. The vulnerability exists due to improper user-input sanitization, which allows a remote attacker to run arbitrary code via uploading a crafted XML file...
CVE-2022-40373
Cross Site Scripting XSS vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file...