Lucene search
K

1907 matches found

Symantec
Symantec
added 2014/02/13 8:0 a.m.44 views

Symantec Endpoint Protection Manager Vulnerabilities

SUMMARY The management console for Symantec Endpoint Protection Manager does not properly handle external XML data, which could potentially allow unauthorized access to restricted server-side data and console management functionality. The management console for Symantec Endpoint Protection Manage...

7.5CVSS0.1AI score0.67573EPSS
Exploits18Affected Software1
OpenVAS
OpenVAS
added 2014/02/08 12:0 a.m.53 views

Debian Security Advisory DSA 2857-1 (libspring-java - several vulnerabilities)

It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...

6.8CVSS5.8AI score0.90455EPSS
Exploits1References1
OSV
OSV
added 2014/02/08 12:0 a.m.34 views

DSA-2857-1 libspring-java - several

Bulletin has no description...

6.8CVSS5.6AI score0.90455EPSS
Exploits0
Metasploit
Metasploit
added 2014/01/24 12:4 a.m.54 views

Drupal OpenID External Entity Injection

This module abuses an XML External Entity Injection vulnerability on the OpenID module from Drupal. The vulnerability exists in the parsing of a malformed XRDS file coming from a malicious OpenID endpoint. This module has been tested successfully on Drupal 7.15 and 7.2 with the OpenID module...

5CVSS6.8AI score0.15812EPSS
Exploits4
OpenVAS
OpenVAS
added 2014/01/12 12:0 a.m.28 views

Debian: Security Advisory (DSA-2842-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.8AI score0.26467EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2014/01/07 12:0 a.m.49 views

Apache Solr < 4.3.1 XML External Entity Injection

The version of Apache Solr running on the remote web server is affected by an XML external entity injection vulnerability due to an incorrectly configured XML parser in the 'DocumentAnalysisRequestHandler' class. A remote, unauthenticated attacker can exploit this flaw to gain access to arbitrary...

6.4CVSS5.9AI score0.114EPSS
Exploits0References3
securityvulns
securityvulns
added 2013/10/28 12:0 a.m.82 views

[CVE-2013-4295] Apache Shindig information disclosure vulnerability

CVE-2013-4295: XXE vulnerability In Apache Shindig 2.5.0 PHP Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Shindig PHP 2.5.0 Description: The gadget renderer in the PHP version of Apache Shindig is subject to an XML External Entity XXE Injection attack. The...

5CVSS0.7AI score0.12169EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2013/10/03 12:0 a.m.6 views

PT-2016-35: XML External Entity Injection in Liebert SiteScan

The specialists of the Positive Research center have detected an XML External Entity Injection vulnerability in Liebert SiteScan. Vulnerability in Liebert SiteScan allows attackers to obtain sensitive information via a specially crafted XML request. How to fix Update your software up to the lates...

9.8CVSS9.4AI score0.03521EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2013/09/27 12:0 a.m.34 views

Cisco Prime Data Center Network Manager < 6.2(1) Multiple Vulnerabilities (credentialed check)

According to its self-reported version number, the version of Cisco Prime Data Center Network Manager DCNM installed on the remote host is affected by multiple vulnerabilities : - Multiple remote command execution vulnerabilities exist in the DCNM-SAN Server component. CVE-2013-5486 - An...

10CVSS8.7AI score0.75962EPSS
Exploits6References7
Tenable Nessus
Tenable Nessus
added 2013/09/27 12:0 a.m.44 views

Cisco Prime Data Center Network Manager < 6.2(1) Multiple Vulnerabilities (uncredentialed check)

According to its self-reported version number, the version of Cisco Prime Data Center Network Manager DCNM installed on the remote host is affected by multiple vulnerabilities : - Multiple remote command execution vulnerabilities exist in the DCNM-SAN Server component. CVE-2013-5486 - An...

10CVSS8.7AI score0.75962EPSS
Exploits6References7
CISA
CISA
added 2013/09/22 12:0 a.m.13 views

Cisco Releases Security Advisory for Cisco Prime Data Center Network Manager (DCNM)

Cisco has released three security advisories to address multiple vulnerabilities affecting various components of Cisco Prime Data Center Network Manager DCNM. These vulnerabilities may allow an unauthenticated, remote attacker to disclose file components and access text files on an affected devic...

7.6AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/09/16 3:7 a.m.7 views

RESTEasy: XML eXternal Entity (XXE) flaw

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...

5CVSS7.5AI score0.03213EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2013/08/21 12:0 a.m.44 views

JVN#24713981: PHP OpenID Library vulnerable to XML external entity injection

The PHP OpenID Library contains an XML external entity injection vulnerability. Impact When processing specially crafted XRDS data, information on the server may be disclosed or server resources may be consumed excessively. Solution Apply a Patch The source code in the repository has been fixed...

7.5CVSS6.3AI score0.02997EPSS
Exploits1
OpenVAS
OpenVAS
added 2013/08/08 12:0 a.m.42 views

Sybase EAServer <= 6.3.1 Multiple Security Vulnerabilities - Active Check

Sybase EAServer is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7.4AI score
Exploits0References1
Exploit DB
Exploit DB
added 2013/07/22 12:0 a.m.56 views

Sybase EAServer 6.3.1 - Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Sybase EAServer vulnerable version: =6.3.1 fixed version: vendor did not supply version information CVE number: - impact: critical...

7.4AI score
Exploits0
0day.today
0day.today
added 2013/07/19 12:0 a.m.38 views

Sybase EAServer 6.3.1 Multiple Vulnerabilities

Sybase EAServer versions 6.3.1 and below suffer from directory traversal, XML entity injection, and OS command execution vulnerabilities. title: Multiple vulnerabilities product: Sybase EAServer vulnerable version: =6.3.1 fixed version: vendor did not supply version information CVE number: -...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2013/07/19 12:0 a.m.54 views

SEC Consult SA-20130719-0 :: Multiple vulnerabilities in Sybase EAServer

SEC Consult Vulnerability Lab Security Advisory 20130719-0 ======================================================================= title: Multiple vulnerabilities product: Sybase EAServer vulnerable version: =6.3.1 fixed version: vendor did not supply version information CVE number: - impact:...

Exploits0
securityvulns
securityvulns
added 2013/07/19 12:0 a.m.179 views

SEC Consult SA-20130625-0 :: Multiple vulnerabilities in IceWarp Mail Server

SEC Consult Vulnerability Lab Security Advisory 20130625-0 ======================================================================= title: Multiple vulnerabilities in IceWarp Mail Server product: IceWarp Mail Server vulnerable version: =10.4.5 fixed version: 10.4.5-1 impact: Critical homepage:...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2013/07/19 12:0 a.m.45 views

Sybase EAServer 6.3.1 Directory Traversal / XXE Injection / Command Execution

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Sybase EAServer vulnerable version: =6.3.1 fixed version: vendor did not supply version information CVE number: - impact: critical...

0.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/05/25 12:0 a.m.33 views

WordPress < 3.5.2 Multiple Vulnerabilities

Binary data 6883.prm...

4.3CVSS6.7AI score0.03373EPSS
Exploits3References11
Rows per page
Query Builder