1907 matches found
odata4j XML External Entity Injection Vulnerability
odata4j is a new open source toolkit. An external entity injection vulnerability exists in odata4j XML, which can be exploited by attackers to obtain sensitive information...
mcms v3.1.0 SQL injection + arbitrary file read.
Brief description: as the title says; bundled together. Detailed description: app/weixin/notify.php $wx=new weixin; if$wx-checksignature // used to change the notification URL ifisset$GET"echostr" die$GET"echostr"; // passively respond to messages and events responsemsg; function responsemsg global $dbm,$C; $postStr = $GLOBALS"HTTPRAWPOSTDATA"; if!empty$postStr $postObj = simplexmlloadstring$postStr,...
McAfee ePolicy Orchestrator 'conditionXML' Parameter XML External Entity Injection Vulnerability
McAfee ePolicy Orchestrator ePO is an industry-leading systems security management solution that helps organizations effectively defend against a wide range of malicious threats and attacks. An XML external entity injection vulnerability exists in the McAfee ePolicy Orchestrator 'conditionXML'...
NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities
Exploit for jsp platform in category web applications product: NetIQ Access Manager vulnerable version: 4.0 SP1 fixed version: 4.0 SP1 Hot Fix 3 CVE number: CVE-2014-5214, CVE-2014-5215, CVE-2014-5216, CVE-2014-5217 impact: High homepage: https://www.netiq.com/ found: 2014-10-29 by: W. Ettlinger...
NetIQ Access Manager < 4.0 SP1 Hot Fix 3 Multiple Vulnerabilities - Active Check
NetIQ Access Manager suffers from cross-site request forgery CSRF, XML external entity XXE injection, information disclosure, and cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...
JVN#91502163: Direct Web Remoting (DWR) vulnerable to XML external entity injection
Direct Web Remoting DWR is a Java framework for developing Ajax into web applications. DWR contains an XML external entity injection vulnerability CWE-611. Impact When an application uses a function to convert DOM data DOMConverter, JDOMConverter, DOM4JConverter or XOMConverter and a specially...
Enalean Tuleap 7.2 - XXE File Disclosure
No description provided by source. Vulnerability title: Tuleap <= 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity...
Symantec Endpoint Protection Manager < 12.1 RU5 Multiple Vulnerabilities (SYM14-015)
The version of Symantec Endpoint Protection Manager SEPM installed on the remote host is 12.1 prior to 12.1 RU5. It is, therefore, affected by the following vulnerabilities : - An XML external entity XXE injection vulnerability due to improper validation of XML external entities. A remote attacke...
Symantec Endpoint Protection Manager Multiple Issues
SUMMARY The management console for Symantec Endpoint Protection Manager SEPM is susceptible to multiple vulnerabilities including XML External Entity Injection, reflected cross-site scripting and the potential for arbitrary file write/overwrite. AFFECTED PRODUCTS Product | Version | Build |...
Scalix Web Access <= 11.4.6.12377, 12.x <= 12.2.0.14697 XXE and XSS Vulnerability
Scalix Web Access is prone to an XML external entity XXE injection and to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
F5 Big-IP 11.3.0.39.0 XML External Entity Injection #2
Vulnerability title: XML External Entity Injection in F5 Networks Big-IP CVE: CVE-2014-6033 Vendor: F5 Networks Product: Big-IP Affected version: 11.3.0.39.0 Fixed version: N/A Reported by: Oliver Gruskovnjak Details: F5 Networks Big-IP is vulnerable to an XML External Entity injection attack. Th...
Tuleap 7.2 XXE Injection
Vulnerability title: Tuleap <= 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity Injection has been found and confirmed...
Enalean Tuleap 7.2 - XML External Entity File Disclosure
Vulnerability title: Tuleap <= 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity Injection has been found and confirmed...
SOL15605 - XML Entity Injection vulnerabilities CVE-2014-6032 and CVE-2014-6033
Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not...
XML Entity Cheatsheet
An XML Entity testing cheatsheet. Testing was done using an older vulnerable version of nokogiri. In IRB you can require previous versions of gems. Certain techniques e.g. XInclude may require additional settings in Nokogiri. XML Headers: 1 2 | ---|--- Vanilla entity test: 1 | &post ---|--- SYSTE...
Hewlett-Packard Intelligent Management Center RssServlet Information Disclosure Vulnerability
This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is required to exploit this vulnerability. The specific flaw exists within the RssServlet servlet. This servlet exhibits an XML...
XML External Entity (XXE) Injection
Overview Scrapy is a high-level web crawling and web scraping framework, used to crawl websites and extract structured data from their pages. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the sitemap reader. Details XXE Injection is a type of attack...
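EMC Cloud Tiering Appliance (CTA) XML External Entity Injection Vulnerability
Bugtraq ID:66547 EMC Cloud Tiering Appliance helps storage administrators manage file-level unstructured data effectively and simply. An input validation flaw exists in EMC Cloud Tiering Appliance when parsing XML data, which can lead to an XML injection vulnerability, allowing an attacker to submit a specially crafted POST request and obtain sensitive information. 0 EMC Cloud Tiering Appliance CTA 10.0 No detailed solution is currently available: http://china.emc.com/archiving/cloud-tiering-appliance.htm POST /api/login HTTP/1.1 Host:...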
McAfee ePolicy Orchestrator < 4.6.7 HF940148 XML Entity Injection (SB10065)
The remote Windows host is running a version of McAfee ePolicy Orchestrator ePO prior to 4.6.7 hotfix 940148. It is, therefore, affected by an XML entity injection vulnerability due to a failure to properly sanitize user-supplied input. An authenticated, remote attacker with permission to add new...
Symantec Endpoint Protection Manager < 11.0 RU7-MP4a / 12.1 RU4a Multiple Vulnerabilities (SYM14-004)
The version of Symantec Endpoint Protection Manager SEPM running on the remote host is either 11.x prior to 11.0 RU7-MP4a or 12.x prior to 12.1 RU4a. It is, therefore, affected by multiple vulnerabilities: - SEPM is affected by an XML external entity injection vulnerability due to a failure to...