1013 matches found
SAP TranslationSupport Application XML External Entity Injection Vulnerability
SAP TranslationSupport Application is software from SAP Germany. An XML external entity injection vulnerability exists in the SAP TranslationSupport application. An attacker could exploit this vulnerability to gain access to sensitive information or cause a denial of service...
SAP Composite Application Framework Authorization Tool XML External Entity Injection Vulnerability
SAP Composite Application Framework is the German SAP SAP company integrated SAP NetWeaver to create composite applications for the software. An XML external entity injection vulnerability exists in the SAP Composite Application Framework Authorization Tool. An attacker could exploit this...
RESTEasy XML External Entity Injection Vulnerability
RESTEasy is the United States Red Hat Red Hat, Inc. of a JBoss open source project , which provides a variety of frameworks for building RESTful Web Services and RESTful Java applications . RESTEasy has an XML external entity injection vulnerability. An attacker could exploit this vulnerability t...
JDK: XML External Entity Injection (XXE) error when processing XML data
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection XXE error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150...
OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)
It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...
Wonderware Historian Client Native XML External Entity Injection Vulnerability
Schneider Electric Wonderware Historian is the French Schneider Electric Schneider Electric company's set of high-speed data acquisition and storage systems and traditional relational database management system combined with industrial data management software. A local XML external entity injecti...
PT-2023-10261 · Libplist +2 · Libplist +2
Name of the Vulnerable Software and Affected Versions: libplist version 1.12 Description: A problematic issue has been found in the XML Handler component of libplist, specifically affecting the plist from xml function in the src/xplist.c file. This issue leads to an xml external entity reference...
OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)
It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...
Apache CXF Server Spoofing Vulnerability
Apache CXF is the United States Apache Apache Software Foundation of an open source Web services framework. The framework supports a variety of Web services standards , a variety of front-end programming APIs , etc. JAX-RSXML Security streaming clients is one of the use of XML signatures and XML...
CoDeSys Stack Buffer Overflow Vulnerability
3S-Smart Software Solutions CODESYS is a suite of PLC programmable logic controller software programming tools from 3S-Smart Software Solutions, Germany. CODESYS Web Server is one of the web servers. A stack buffer overflow vulnerability exists in CODESYS Web Server version 2.3 and earlier. An...
IBM Cúram Social Program Management XML External Entity Injection Vulnerability
IBM Cúram Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. IBM Cúram Social Program Management suffers from an XML external entity injection vulnerability. A remote attacker cou...
Apache Camel Validation Component Request Forgery Vulnerability
Apache Camel is the United States Apache Apache Software Foundation of a set of open source based on Enterprise Integration Pattern Enterprise Integration Pattern , referred to as EIP integration framework. The framework provides Enterprise Integration Pattern of Java objects POJO implementation ...
Microsoft Windows XML External Entity Information Disclosure Vulnerability
Microsoft Windows is the popular computer operating system. Microsoft Windows suffers from an XML External Entity Information Disclosure vulnerability that can be exploited by an attacker to read sensitive information on the target system...
DEBIAN-CVE-2016-10040
Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service application crash via a xml file with multiple nested open tags...
UBUNTU-CVE-2016-10068
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service segmentation fault and application crash via a crafted XML file...
CVE-2016-8974
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference ...
IBM Rational Rhapsody Design Manager XML External Entity Injection Vulnerability
IBM Rational Rhapsody Design Manager is a Jazz-based platform from IBM that helps systems engineers apply Model-Based Systems Engineering MBSE through SysML to help embedded software developers dismantle engineering silos and collaborate with key stakeholders, such as managers, quality managers,...
IBM Integration Bus and WebSphere Message Broker XML External Entity Injection Vulnerability
IBM Integration Bus formerly known as IBM WebSphere Message Broker is an enterprise service bus ESB product from IBM. The product provides connectivity and common data transformations for Service Oriented Architecture SOA environments and non-SOA environments. An XML external entity injection...
Cimetrics BACnet Explorer XML External Entity Injection Vulnerability
BACnet Explorer is a BACnet client application that helps to automatically discover BACnet devices. Cimetrics BACnet Explorer suffers from an XML external entity injection vulnerability that can be exploited by an attacker to obtain sensitive information...
DEBIAN-CVE-2016-4571
The mxmlwritenode function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service stack consumption via crafted xml file...