
2075 matches found

CNNVD
added 2021/09/15 12:0 a.m., 4 views

Axios Systems Assyst Code Issue Vulnerability

Axios Systems Assyst is an off-the-shelf application from UK-based Axios Systems for managing IT services without the complexity and overhead associated with ITSM platforms such as ServiceNow and BMC Remedy. Axios Systems Assyst version 10 SP7.5 suffers from a security vulnerability that stems fr...

CVSS 8.2, AI score 7.7, EPSS 0.00793
Exploits: 1, References: 2
CNNVD
added 2021/09/13 12:0 a.m., 2 views

body-parser-xml Code Issue Vulnerability

body-parser-xml is an XML body parser that converts incoming XML data into a JSON representation. A code issue vulnerability exists in body-parser-xml, which stems from an error in the product's implementation of certain functionality. No details of the vulnerability are currently available...

CVSS 9.8, AI score 5.7, EPSS 0.01257
Exploits: 1, References: 3
OSV
added 2021/09/03 6:43 p.m., 2 views

USN-5061-1 scilab vulnerabilities

It was discovered that Scilab did not properly sanitize XML inputs. An attacker could use a crafted XML file to cause a denial of service or possibly execute arbitrary code...

CVSS 7.5, AI score 6.8, EPSS 0.01402
Exploits: 3, References: 5
OSV
added 2021/09/01 3:15 p.m., 0 views

UBUNTU-CVE-2021-39847

XMP Toolkit SDK version 2020.1 and earlier is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file...

CVSS 7.8, AI score 8, EPSS 0.05025
Exploits: 0, References: 5
OSV
added 2021/09/01 3:15 p.m., 0 views

UBUNTU-CVE-2021-36055

XMP Toolkit SDK versions 2020.1 and earlier are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8, AI score 7.6, EPSS 0.02563
Exploits: 0, References: 5
OSV
added 2021/08/23 1:15 a.m., 1 views

UBUNTU-CVE-2021-39371

An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...

CVSS 7.5, AI score 5.8, EPSS 0.01524
Exploits: 0, References: 4
CNNVD
added 2021/08/23 12:0 a.m., 2 views

XStream Code Issue Vulnerability

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects. XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

CVSS 8.5, AI score 9.2, EPSS 0.9851
Exploits: 6, References: 31
Kitploit
added 2021/08/21 12:30 p.m., 22 views

Brutus - An Educational Exploitation Framework Shipped On A Modular And Highly Extensible Multi-Tasking And Multi-Processing Architecture

An educational exploitation framework shipped on a modular and highly extensible multi-tasking and multi-processing architecture. Brutus: an Introduction Looking for version 1? See the branches in this repository. Brutus is an educational exploitation framework written in Python. It automates pre...

AI score 7.2
Exploits: 0, References: 5
OSV
added 2021/08/10 11:15 a.m., 2 views

CVE-2021-37178

A vulnerability has been identified in Solid Edge SE2021 All Versions SE2021MP7. An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted xml file...

CVSS 5.5, AI score 6.1, EPSS 0.00924
Exploits: 0, References: 1
CNNVD
added 2021/08/10 12:0 a.m., 4 views

AT&T Labs Xmill Buffer Error Vulnerability

AT&T Labs Xmill is a new tool for efficiently compressing XML data from AT&T Labs, USA. A security vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem function in AT&T Labs Xmill version 0.7. An attacker could exploit the vulnerability to remotely execute code...

CVSS 9.8, AI score 7.8, EPSS 0.02545
Exploits: 1, References: 6
CNNVD
added 2021/08/10 12:0 a.m., 3 views

Magento Commerce Security Vulnerability

Magento Commerce is to provide a best-in-class shopping experience without the need for developer support. A security vulnerability exists in Magento Commerce, which exists due to incorrect input validation when processing XML data. A remote administrator can pass specially crafted XML data to th...

CVSS 9.1, AI score 8, EPSS 0.02802
Exploits: 0, References: 4
CNNVD
added 2021/08/10 12:0 a.m., 4 views

Magento Commerce Security Vulnerability

Magento Commerce is to provide a best-in-class shopping experience without the need for developer support. A security vulnerability exists in Magento Commerce, which exists due to incorrect input validation when processing XML data. A remote administrator can pass specially crafted XML data to th...

CVSS 9.1, AI score 8, EPSS 0.03023
Exploits: 0, References: 4
CNNVD
added 2021/08/10 12:0 a.m., 7 views

Magento Commerce and Magento Open Source OS Command Injection Vulnerability

Magento Open Source is to provide basic e-commerce functionality that allows you to build unique online stores from scratch. Magento Commerce is to provide a best-in-class shopping experience without the need for developer support. An operating system command injection vulnerability exists in...

CVSS 9.1, AI score 8, EPSS 0.02292
Exploits: 0, References: 5
CNNVD
added 2021/08/10 12:0 a.m., 4 views

AT&T Labs Xmill Buffer Error Vulnerability

AT&T Labs Xmill is a new tool for efficiently compressing XML data from AT&T Labs, USA. A security vulnerability exists in the XML Decompression DecodeTreeBlock feature of AT&T Labs Xmill 0.7, which allows an attacker to supply a specially crafted XMI file leading to remote code execution...

CVSS 9.8, AI score 8.2, EPSS 0.01136
Exploits: 1, References: 5
CNNVD
added 2021/08/05 12:0 a.m., 2 views

Tianocore Edk2 Security Vulnerability

Tianocore Edk2 is a cross-platform firmware development environment from the Tianocore community that follows the UEFI and PI specifications. A security vulnerability exists in Tianocore Edk2 that allows an attacker to access sensitive data...

CVSS 7.8, AI score 6.6, EPSS 0.00427
Exploits: 1, References: 3
The Hacker News
added 2021/08/04 8:30 p.m., 253 views

Several Malware Families Targeting IIS Web Servers With Malicious Modules

A systematic analysis of attacks against Microsoft's Internet Information Services (IIS) servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for natively developed malware for close to eight...

AI score 0.5
Exploits: 0
Fedora
added 2021/07/29 1:9 a.m., 90 views

[SECURITY] Fedora 34 Update: ruby-3.0.2-149.fc34

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

CVSS 9.3, AI score 1.1, EPSS 0.06307
Exploits: 3
CNNVD
added 2021/07/21 12:0 a.m., 2 views

Arch Linux Code Issue Vulnerability

Arch Linux is an application system from Arch Open Source. A lightweight and flexible Linux® distribution that tries to keep it simple. A code issue vulnerability exists in Arch Linux that stems from a failure to adequately validate user-entered XML data, which could allow an attacker to pass...

CVSS 6.5, AI score 6.6, EPSS 0.04313
Exploits: 1, References: 47
RedHat Linux
added 2021/07/20 9:30 p.m., 1 views

kernel: security bypass in certs/blacklist.c and certs/system_keyring.c

A flaw was found in the Linux kernel in certs/blacklist.c. When signature entries for EFI_CERT_X509_GUID are contained in the Secure Boot Forbidden Signature Database, the entries are skipped. This can cause a security threat and breach system integrity, confidentiality and even lead to a denial of...

CVSS 6.9, AI score 6.6, EPSS 0.00522
Exploits: 1, References: 4
CNNVD
added 2021/07/20 12:0 a.m., 2 views

Oracle Database Server Input Validation Error Vulnerability

Oracle Database Server is a relational database management system from Oracle Corporation USA. An information disclosure vulnerability exists in the Oracle XML DB component of Oracle Database Server versions 12.1.0.2, 12.2.0.1, and 19c, which could be exploited by an attacker to cause unauthorize...

CVSS 4.9, AI score 8.3, EPSS 0.00901
Exploits: 0, References: 5