The vulnerability of Netweaver Application Server Java web applications lies in insufficient validation of requests on the server side, allowing attackers to expose privileged user credentials.
The vulnerability of Netweaver Application Server Java web applications is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to obtain privileged user credentials by using a specially created XML file...
XML Entity Injection Vulnerability in Apache Commons-digester Component
Apache is web server software. Commons-digester is an Apache component that converts XML into Java beans. An XML entity injection vulnerability exists in the Apache Commons-digester component. By constructing malicious content, an attacker can cause arbitrary files to be read and system commands...
POC-T
This is a Python-based penetration testing framework called POC-T. It is a concurrent framework that allows users to perform various types of attacks, including vulnerability verification, file upload, weak password cracking, and more. The framework has a modular design, with each module...
jackson-mapper-asl XML External Entity Vulnerability
jackson-mapper-asl is a data mapping package built on the Jackson JSON processor. An XML external entity vulnerability exists in version 1.9.x of jackson-mapper-asl. No detailed vulnerability details are provided at this time...
The vulnerability of the Enterprise Resource Management System “Galaktika ERP” allows a hacker to initiate requests for resources on behalf of the server.
The vulnerability of the .res components of the Enterprise Resource Management System “Galaktika ERP” is related to the functionality of importing XML configurations. Exploiting this vulnerability allows a malicious actor to initiate requests to any resource on behalf of the server by performing...
Jaeles - The Swiss Army Knife For Automated Web Application Testing
Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner. Installation: go get -u github.com/jaeles-project/jaeles Please visit the Official Documentation for more details. Check out Signature Repo for base signature. Usage More usage...
XML Entity Injection Vulnerability in Panmicro E-cology
Panmicro Collaborative Management Application Platform e-cology is a collaborative business platform with enterprise information portal, knowledge management, data center, workflow management, human resource management, customer and partner management, project management, financial management, an...
CVE-2019-16284
A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SM...
edk2: stack overflow in XHCI causing denial of service
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access...
ClipSoft REXPERT XML Injection Vulnerability
ClipSoft REXPERT is a report generation program from ClipSoft Korea. An injection vulnerability exists in ClipSoft REXPERT XML. An attacker can exploit this vulnerability to create and execute arbitrary files via the report printing function...
The vulnerability of the syntactic analyzer of the Microsoft XML Core Services for Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the syntactic analyzer of the Microsoft XML Core Services for Windows operating systems is related to errors in processing user input. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by having the user open a specially created web page...
How We Developed Our EQR Plugins
Extensible Analytics with EQR’s Lightweight, Ultra-Performance Plugin System I’ve written a few posts now on the plans and development of EQR Event Query Router, the open-source tool we built to give data scientists the ability to execute large-scale queries on real-time big data streams without...
The vulnerability of the libexpat function in the C language library, which is used for performing XML parsing, allows an attacker to cause a denial of service.
The vulnerability of the libexpat function in the C language library for performing XML parsing in Expat involves the XML parser itself, which consumes a large amount of memory and CPU resources. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
DumpsterFire - "Security Incidents In A Box!" A Modular, Menu-Driven, Cross-Platform Tool For Building Customized, Time-Delayed, Distributed Security Events
DumpsterFire Toolset - "Security Incidents In A Box!" The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create...
[SECURITY] Fedora 31 Update: libldb-2.0.7-1.fc31
An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases...
Implementing EQR — Creating a Solution for Real-Time Processing of Disparate Big Data Sources
Building an Event Query Router for Big Data Translation and Processing In a previous post, we discussed the data engineering challenge of scaling security. Analyzing the volume and variety of data required by a cybersecurity application isn’t an easy process, so we are always looking for innovati...
DEBIAN-CVE-2019-15903
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read...
Exploit for CVE-2019-12586
ESP32/ESP8266 Wi-Fi Attacks This repository is part of a re...
CVE-2019-15637
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop...
IBM Security Guardium Big Data Intelligence XML External Entity Injection Vulnerability
IBM Security Guardium Big Data Intelligence SonarG is a suite of big data security intelligence solutions from IBM, USA. The solution features interactive data exploration, automated connectivity analysis, and user activity analysis. An XML external entity injection vulnerability exists in IBM...