1907 matches found
Symantec Endpoint Protection Manager Vulnerabilities
SUMMARY The management console for Symantec Endpoint Protection Manager does not properly handle external XML data, which could potentially allow unauthorized access to restricted server-side data and console management functionality. The management console for Symantec Endpoint Protection Manage...
Debian Security Advisory DSA 2857-1 (libspring-java - several vulnerabilities)
It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...
DSA-2857-1 libspring-java - several
Bulletin has no description...
Drupal OpenID External Entity Injection
This module abuses an XML External Entity Injection vulnerability on the OpenID module from Drupal. The vulnerability exists in the parsing of a malformed XRDS file coming from a malicious OpenID endpoint. This module has been tested successfully on Drupal 7.15 and 7.2 with the OpenID module...
Debian: Security Advisory (DSA-2842-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache Solr < 4.3.1 XML External Entity Injection
The version of Apache Solr running on the remote web server is affected by an XML external entity injection vulnerability due to an incorrectly configured XML parser in the 'DocumentAnalysisRequestHandler' class. A remote, unauthenticated attacker can exploit this flaw to gain access to arbitrary...
[CVE-2013-4295] Apache Shindig information disclosure vulnerability
CVE-2013-4295: XXE vulnerability In Apache Shindig 2.5.0 PHP Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Shindig PHP 2.5.0 Description: The gadget renderer in the PHP version of Apache Shindig is subject to an XML External Entity XXE Injection attack. The...
PT-2016-35: XML External Entity Injection in Liebert SiteScan
The specialists of the Positive Research center have detected an XML External Entity Injection vulnerability in Liebert SiteScan. Vulnerability in Liebert SiteScan allows attackers to obtain sensitive information via a specially crafted XML request. How to fix Update your software up to the lates...
Cisco Prime Data Center Network Manager < 6.2(1) Multiple Vulnerabilities (credentialed check)
According to its self-reported version number, the version of Cisco Prime Data Center Network Manager DCNM installed on the remote host is affected by multiple vulnerabilities : - Multiple remote command execution vulnerabilities exist in the DCNM-SAN Server component. CVE-2013-5486 - An...
Cisco Prime Data Center Network Manager < 6.2(1) Multiple Vulnerabilities (uncredentialed check)
According to its self-reported version number, the version of Cisco Prime Data Center Network Manager DCNM installed on the remote host is affected by multiple vulnerabilities : - Multiple remote command execution vulnerabilities exist in the DCNM-SAN Server component. CVE-2013-5486 - An...
Cisco Releases Security Advisory for Cisco Prime Data Center Network Manager (DCNM)
Cisco has released three security advisories to address multiple vulnerabilities affecting various components of Cisco Prime Data Center Network Manager DCNM. These vulnerabilities may allow an unauthenticated, remote attacker to disclose file components and access text files on an affected devic...
RESTEasy: XML eXternal Entity (XXE) flaw
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...
JVN#24713981: PHP OpenID Library vulnerable to XML external entity injection
The PHP OpenID Library contains an XML external entity injection vulnerability. Impact When processing specially crafted XRDS data, information on the server may be disclosed or server resources may be consumed excessively. Solution Apply a Patch The source code in the repository has been fixed...
Sybase EAServer <= 6.3.1 Multiple Security Vulnerabilities - Active Check
Sybase EAServer is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Sybase EAServer 6.3.1 - Multiple Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Sybase EAServer vulnerable version: =6.3.1 fixed version: vendor did not supply version information CVE number: - impact: critical...
Sybase EAServer 6.3.1 Multiple Vulnerabilities
Sybase EAServer versions 6.3.1 and below suffer from directory traversal, XML entity injection, and OS command execution vulnerabilities. title: Multiple vulnerabilities product: Sybase EAServer vulnerable version: =6.3.1 fixed version: vendor did not supply version information CVE number: -...
SEC Consult SA-20130719-0 :: Multiple vulnerabilities in Sybase EAServer
SEC Consult Vulnerability Lab Security Advisory 20130719-0 ======================================================================= title: Multiple vulnerabilities product: Sybase EAServer vulnerable version: =6.3.1 fixed version: vendor did not supply version information CVE number: - impact:...
SEC Consult SA-20130625-0 :: Multiple vulnerabilities in IceWarp Mail Server
SEC Consult Vulnerability Lab Security Advisory 20130625-0 ======================================================================= title: Multiple vulnerabilities in IceWarp Mail Server product: IceWarp Mail Server vulnerable version: =10.4.5 fixed version: 10.4.5-1 impact: Critical homepage:...
Sybase EAServer 6.3.1 Directory Traversal / XXE Injection / Command Execution
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Sybase EAServer vulnerable version: =6.3.1 fixed version: vendor did not supply version information CVE number: - impact: critical...
WordPress < 3.5.2 Multiple Vulnerabilities
Binary data 6883.prm...