2074 matches found
UBUNTU-CVE-2011-1756
modules/xmpp/servxmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue t...
[SECURITY] Fedora 15 Update: jabberd-2.2.14-1.fc15
The jabberd project aims to provide an open-source server implementation of the Jabber protocols for instant messaging and XML routing. The goal of this project is to provide a scalable, reliable, efficient and extensible server that provides a complete set of features and is up to date with the...
PYSEC-2011-20
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments...
DEBIAN-CVE-2011-1425
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification...
[SECURITY] Fedora 14 Update: mono-addins-0.5-2.fc14
Mono.Addins is a generic framework for creating extensible applications, and for creating libraries which extend those applications...
XOOPS 2.5.0 <= Cross Site Scripting Vulnerability
XOOPS 2.5.0 <= Cross Site Scripting Vulnerability 1. OVERVIEW XOOPS 2.5.0 and lower versions were vulnerable to Cross Site Scripting. 2. BACKGROUND XOOPS is an acronym of eXtensible Object Oriented Portal System. It's the #1 Content Management System (CMS) project on www.sourceforge.net and a...
SourceForge open sources its own source !
SourceForge, the popular project hosting site, has released Allura, the software that powers its service, as Apache 2.0 licensed open source. The project to develop Allura began in 2009 and currently an instance of the software, which has also been known as "New Forge" or "Forge 2.0" during...
Watcher v1.5.1 Web security testing tool and passive vulnerability scanner download !
Watcher is a Web security testing tool and passive vulnerability scanner. This tool is in continuous development and has updated its features and capabilities. Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's...
Google Chrome information disclosure vulnerability
Overview: Google Chrome contains an information disclosure vulnerability caused by the improper handling of XML files. Takayoshi Isayama from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...
Fedora Update for monotone FEDORA-2010-16902
Check for the Version of monotone OpenVAS Vulnerability Test Fedora Update for monotone FEDORA-2010-16902 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Design/Logic Flaw
Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic Monitor (QXDM) 03.09.19 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .isf file...
PT-2010-4733 · Splunk · Splunk
Name of the Vulnerable Software and Affected Versions: Splunk versions 4.0.0 through 4.1.4 Description: The XML parser in Splunk allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack. This issue affects the XML parser, which ca...
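The Citadel entry (UBUNTU-CVE-2011-1756) above describes the failure to detect recursion during entity expansion, and the Splunk entry (PT-2010-4733) describes XXE; both come down to what a parser does with the DTD before the body is read. The following is an added example, not code from Citadel, Splunk or any project listed here. It uses only Python's standard-library expat binding and inspects each entity declaration as expat reports it: external entities and external DTDs are refused outright, and for internal entities the fully expanded size and nesting depth are computed by static substitution so the parse is aborted before expat ever expands a reference. The sample documents, the byte budget (100,000) and the depth limit (8) are constructed for the example.

```python
"""Reject a DTD that would blow up the parser before any entity is expanded."""
import re
import xml.parsers.expat as expat

# General entity references inside a replacement text (&name;). Character
# references (&#10;) are already resolved by expat and are not matched.
ENTITY_REF = re.compile(r"&([^;&#\s]+);")


class UnsafeXML(ValueError):
    """The DTD declares something this parser refuses to process."""


class EntityGuard:
    """Tracks internal entities and bounds what expanding them would cost."""

    def __init__(self, max_expansion=100_000, max_depth=8):
        self.max_expansion = max_expansion   # bytes one entity may expand to (assumed budget)
        self.max_depth = max_depth           # how deeply references may nest (assumed limit)
        self.entities = {}                   # name -> replacement text

    def expanded_size(self, name, depth=0, stack=()):
        """Upper bound on the expanded size of &name;, found by static substitution."""
        if name in stack:
            raise UnsafeXML(f"recursive entity reference via {name!r}")
        if depth > self.max_depth:
            raise UnsafeXML(f"entity references nested deeper than {self.max_depth}")
        value = self.entities.get(name)
        if value is None:
            return 0   # predefined (&lt; &amp; ...) or not yet declared: nothing to expand
        size = len(value)
        for ref in ENTITY_REF.findall(value):
            size += self.expanded_size(ref, depth + 1, stack + (name,))
            if size > self.max_expansion:
                raise UnsafeXML(f"entity {name!r} would expand past {self.max_expansion} bytes")
        return size

    # expat signature: (name, is_parameter_entity, value, base, system_id, public_id, notation)
    def on_entity_decl(self, name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None or notation is not None:
            raise UnsafeXML(f"external entity {name!r} -> {system_id!r} not allowed (XXE)")
        if is_param:
            raise UnsafeXML(f"parameter entity %{name}; not allowed in untrusted input")
        self.entities[name] = value
        self.expanded_size(name)   # raises before expat ever expands the entity

    # expat signature: (doctype_name, system_id, public_id, has_internal_subset)
    def on_doctype(self, doctype_name, system_id, public_id, has_internal_subset):
        if system_id is not None or public_id is not None:
            raise UnsafeXML(f"external DTD {system_id!r} not allowed")


def parse_untrusted(xml_bytes, max_expansion=100_000, max_depth=8):
    """Parse with expat under the guard; return the document's character data."""
    guard = EntityGuard(max_expansion, max_depth)
    text = []
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = guard.on_doctype
    parser.EntityDeclHandler = guard.on_entity_decl
    parser.CharacterDataHandler = text.append
    parser.Parse(xml_bytes, True)   # ExpatError for malformed input propagates unchanged
    return "".join(text)


def classify(xml_bytes):
    """('ok', text) for accepted input, ('rejected', reason) for refused input."""
    try:
        return "ok", parse_untrusted(xml_bytes)
    except UnsafeXML as exc:
        return "rejected", str(exc)


# Constructed sample documents, not taken from any advisory.
BENIGN = b'<?xml version="1.0"?><!DOCTYPE a [<!ENTITY greet "hi">]><a>&greet; there</a>'
XXE = b'<!DOCTYPE a [<!ENTITY x SYSTEM "file:///etc/passwd">]><a>&x;</a>'
RECURSIVE = b'<!DOCTYPE a [<!ENTITY p "&q;"><!ENTITY q "&p;">]><a>&p;</a>'


def billion_laughs(levels=10, fanout=10):
    """Classic nested-entity bomb: lol{n} references lol{n-1} `fanout` times."""
    decls = ['<!ENTITY lol0 "lol">']
    for i in range(1, levels):
        decls.append(f'<!ENTITY lol{i} "{"&lol%d;" % (i - 1) * fanout}">')
    return f'<!DOCTYPE a [{"".join(decls)}]><a>&lol{levels - 1};</a>'.encode()


if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("xxe", XXE), ("recursive", RECURSIVE),
                       ("billion-laughs", billion_laughs())]:
        print(label, classify(doc))
```

With the budget above the ten-level bomb is refused while its fifth declaration is being read, long before the body's single reference would be expanded; the mutually recursive pair is caught when the second declaration closes the cycle. Note that expat by itself does not fetch the SYSTEM entity unless an external-entity handler is installed, but refusing the declaration removes the dependency on that default. Libraries such as defusedxml apply the same policy in a stricter form by refusing any DTD at all, which is the right choice when a document has no legitimate reason to carry one.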
[SECURITY] Fedora 13 Update: ruby-1.8.6.399-6.fc13
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...
[SECURITY] Fedora 11 Update: xar-1.5.2-6.fc11
The XAR project aims to provide an easily extensible archive format. Important design decisions include an easily extensible XML table of contents for random access to archived files, storing the toc at the beginning of the archive to allow for efficient handling of streamed archives, the abili...
[SECURITY] Fedora 11 Update: httpd-2.2.15-1.fc11.1
The Apache HTTP Server is a powerful, efficient, and extensible web server...
firefox/thunderbird/seamonkey: browser chrome defacement via cached XUL stylesheets (MFSA 2010-14)
No description is available for this CVE...
The Danger of Open APIs
Ninety years ago KitchenAid released their first countertop mixer, which weighed in at about 69 pounds. More interestingly, the mixer also had a special socket that allowed users to attach assorted add-ons for new functionality such as slicers, shredders and meat grinders. Today this sort of...
[SECURITY] Fedora 12 Update: ruby-1.8.6.383-6.fc12
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...
JDK: XML parsing Denial-Of-Service (6845701)
Previously, a denial-of-service flaw was found in Java which allowed the creation of an infinite loop in XML headers that would consume all CPU resources. This issue was patched and Java is no longer vulnerable to a denial-of-service flaw due to the initiation of an infinite loop by means of XML...