Microsoft SQL Server Management Studio Information Disclosure Vulnerability
Microsoft SQL Server Management Studio is an integrated environment for managing multiple SQL infrastructures from Microsoft. The product is mainly used for setting up, monitoring and managing SQL programs. An information disclosure vulnerability exists in Microsoft SQL Server Management Studio...
Cisco IOS XE Software Access Control Error Vulnerability
Cisco IOS XE Software is an operating system developed by Cisco for its network devices. An access control error vulnerability exists in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality in Cisco IOS XE Software, which arises from...
Authentication flaw
A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic through a Layer 3 interface of an affected...
CVE-2018-1588
IBM Jazz Foundation IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resource...
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...
CVE-2018-16252
FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection...
Mobile Application Testing Toolkit: Scrounger
Even though several other mobile application analysis tools have been developed, there is no one tool that can be used for both Android and iOS and can be called a “standard” must-use on every mobile application assessment. The idea behind Scrounger is to make a Metasploit-like tool that will not...
DEBIAN-CVE-2018-1000652
JabRef version =4.3.1 contains an XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appears to be exploitable via a specially crafted MsBib file. This...
Cisco Small Business 100 Series Wireless Access Points and Small Business 300 Series Wireless Access Points Denial of Service Vulnerability
Cisco Small Business 100 Series Wireless Access Points and Small Business 300 Series Wireless Access Points are different series of wireless access point products from Cisco, which provide high-capacity wireless LAN and guest access services, among other features. The Extensible Authentication...
ALPINE-CVE-2018-14567
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251...
CVE-2018-0415
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of servic...
CVE-2018-0412
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of...
ALPINE-CVE-2017-2640
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process...
Vulnerability in the Firmware component of the Mac OS X operating system that allows a hacker to modify EFI flash memory regions
The vulnerability of the Firmware component of the Mac OS X operating system is related to insufficient access control. Exploiting this vulnerability could allow an attacker to modify the EFI flash memory areas using a specially crafted privileged application...
Fortify Software Security Center (SSC) XXE Vulnerability
Micro Focus Fortify Software Security Center (SSC) is a software security management platform from Micro Focus UK. An XXE vulnerability exists in Fortify Software Security Center (SSC) that could allow a remote, unauthenticated user to read arbitrary files or conduct server-side request forgery (SSRF)...
Microsoft Windows EMET XML External Entity Injection Vulnerability
Microsoft Windows 10 and others are a series of operating systems released by the American company Microsoft. Enhanced Mitigation Experience Toolkit is a free security toolkit for Microsoft Windows. An XML external entity injection vulnerability exists in Microsoft Windows EMET, which...
CVE-2018-1000526
Openpsa contains an XML Injection vulnerability in the RSS file upload feature that can result in remote denial of service. This attack appears to be exploitable via a specially crafted XML file. This vulnerability appears to have been fixed after commit 4974a26...
Vulnerability in Microsoft InfoPath, the XML-based form development tool for data input, arising from errors in processing objects in memory and allowing attackers to execute arbitrary code
The vulnerability in the XML-based form development tool for data input is caused by an operation that goes beyond buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file...
Cisco FXOS and NX-OS CFS Arbitrary Code Execution Vulnerability (CNVD-2018-11965)
Cisco Firepower 4100 Series Next-Generation Firewalls are all products of Cisco Corporation. Cisco Firepower 4100 Series Next-Generation Firewalls are 4100 series firewalls. MDS 9000 Series Multilayer Switches a...
ALC WebCTRL XML External Entity Injection Vulnerability
ALC WebCTRL is a building automation control system from Automated Logic Corporation (ALC). An XML external entity injection vulnerability exists in ALC WebCTRL. The vulnerability can be exploited to disclose the contents of a file on the underlying web server operating system via the 'X-Wap-Profil...