2074 matches found
Super Android Analyzer
SUPER (Secure, Unified, Powerful and Extensible Rust Android Analyzer) is a command-line application for Windows, MacOS X and Linux that analyzes .apk files in search of vulnerabilities. It does this by decompressing APKs and applying a series of rules to...
FineCMS has XML entity injection vulnerability
FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. An XML entity injection vulnerability exists in FineCMS. An attacker can use this vulnerability to obtain sensitive information in the database...
Citrix XenMobile Server XML External Entity Information Disclosure Vulnerability
Citrix XenMobile is a mobile device and application management solution. An XML external entity parsing security vulnerability exists in Citrix XenMobile, which could be exploited by remote attackers to submit specially crafted XML data and obtain sensitive information...
FreeRADIUS Security Bypass Vulnerability
FreeRADIUS is a set of software from the FreeRADIUS Server project that implements the RADIUS protocol. The software is mainly used for account authentication management, bookkeeping management and Internet account management, etc. and contains a RADIUS server, a client library for BSD protocol...
SAP TranslationSupport Application XML External Entity Injection Vulnerability
SAP TranslationSupport Application is software from SAP Germany. An XML external entity injection vulnerability exists in the SAP TranslationSupport application. An attacker could exploit this vulnerability to gain access to sensitive information or cause a denial of service...
SAP Composite Application Framework Authorization Tool XML External Entity Injection Vulnerability
SAP Composite Application Framework is software from the German company SAP, integrated with SAP NetWeaver, for creating composite applications. An XML external entity injection vulnerability exists in the SAP Composite Application Framework Authorization Tool. An attacker could exploit this...
RESTEasy XML External Entity Injection Vulnerability
RESTEasy is a JBoss open source project from Red Hat, Inc. (United States) that provides a variety of frameworks for building RESTful Web Services and RESTful Java applications. RESTEasy has an XML external entity injection vulnerability. An attacker could exploit this vulnerability t...
Apple macOS Sierra EAP-TLS Certificate Validation Vulnerability
Apple macOS is an operating system that runs on Apple's Macintosh line of computers. A certificate validation vulnerability exists in Apple macOS EAP-TLS, which can be exploited by remote attackers to bypass security restrictions and obtain sensitive information...
JDK: XML External Entity Injection (XXE) error when processing XML data
IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150...
[SECURITY] Fedora 25 Update: weechat-1.7.1-1.fc25
WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...
OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)
It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing an XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...
[SECURITY] Fedora 26 Update: weechat-1.7.1-1.fc26
WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...
iOS Security Testing Framework: needle
Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps. Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes...
pydantic
Pydantic Validation
Wonderware Historian Client Native XML External Entity Injection Vulnerability
Schneider Electric Wonderware Historian is industrial data management software from the French company Schneider Electric that combines a high-speed data acquisition and storage system with a traditional relational database management system. A local XML external entity injecti...
PT-2023-10261 · Libplist +2 · Libplist +2
Name of the Vulnerable Software and Affected Versions: libplist version 1.12. Description: A problematic issue has been found in the XML Handler component of libplist, specifically affecting the plist_from_xml function in the src/xplist.c file. This issue leads to an xml external entity reference...
Mozilla: Use-after-free in txExecutionState destructor during XSLT processing (MFSA 2017-11, MFSA 2017-12)
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1,...
Apache CXF Server Spoofing Vulnerability
Apache CXF is an open source Web services framework from the Apache Software Foundation (United States). The framework supports a variety of Web services standards, a variety of front-end programming APIs, etc. JAX-RS XML Security streaming clients is one of the use of XML signatures and XML...
The vulnerability of the Cisco Firepower Extensible Operating System and the Cisco Unified Computing System Central device management system allows a perpetrator to execute arbitrary commands.
The vulnerability of the debugging functionality of the Cisco Firepower Extensible Operating System and the Cisco Unified Computing System Central device management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating locally,...