9808 matches found
RESTEasy: XML eXternal Entity (XXE) flaw
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...
Moderate: Red Hat Security Advisory: resteasy security update
Updated resteasy packages that fix one security issue are now available for JBoss Enterprise Web Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base...
RESTEasy: XML eXternal Entity (XXE) flaw
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...
RESTEasy: XML eXternal Entity (XXE) flaw
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding JAXB input, aka an XML external entity XXE injection attack, a similar vulnerability to...
Moderate: Red Hat Security Advisory: resteasy security update
An update for JBoss Enterprise Web Platform 5.1.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
RESTEasy: XML eXternal Entity (XXE) flaw
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...
RESTEasy: XML eXternal Entity (XXE) flaw
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding JAXB input, aka an XML external entity XXE injection attack, a similar vulnerability to...
Moderate: Red Hat Security Advisory: resteasy security update
An update for JBoss Enterprise Application Platform 5.1.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which give...
Zend Framework Local File Disclosure
No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20120626-0 ======================================================================= title: Local file disclosure via XXE injection product: Zend Framework vulnerable version: 1.11.11 1.12.0 RC1 2.0.0 beta4 and earli...
Zend Framework 2.0.0 beta4 1.12 RC1 1.11.11 - Local File Disclosure
Zend Framework 2.0.0 beta4 1.12 RC1 1.11.11 - Local File Disclosure SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local file disclosure via XXE injection product: Zend Framework vulnerable version: 1.11.11 1.12.0 RC1...
Zend Framework XXE Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local file disclosure via XXE injection product: Zend Framework vulnerable version: 1.11.11 1.12.0 RC1 2.0.0 beta4 and earlier versions / branches fixed version: 1.11.12...
CVE-2012-0037
Redland Raptor aka libraptor before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity XXE declaration and reference in an RDF document...
Xxe
Redland Raptor aka libraptor before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity XXE declaration and reference in an RDF document...
CVE-2012-0037
Redland Raptor aka libraptor before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity XXE declaration and reference in an RDF document...
Squiz CMS - Multiple Cross-Site Scripting XML External Entity Injection Vulnerabilities
Squiz CMS - Multiple Cross-Site Scripting XML External Entity Injection Vulnerabilities source: https://www.securityfocus.com/bid/54049/info Squiz CMS is prone to multiple cross-site scripting vulnerabilities and an XML external entity injection vulnerability because it fails to properly sanitize...
CVE-2012-6685 rubygem-nokogiri: XML eXternal Entity (XXE) flaw
Nokogiri before 1.5.4 is vulnerable to XXE attacks...
PostgreSQL based on the error XML external entity attack 0Day-vulnerability warning-the black bar safety net
Recent foreign security personnel found a PostgreSQL version based on the error XML external entity to perform the high-risk vulnerabilities. After testing, the vulnerability can be from the database server a request to the internal network-SSRF-server side request forgery, and And you can use xm...
Liferay Portal < 6.0.6 Multiple Vulnerabilities
According to its self-reported version number, the installation of Liferay Portal hosted on the remote web server is affected by multiple vulnerabilities : - An arbitrary file download vulnerability exists when Apache Tomcat is used, which allows remote, authenticated users to download arbitrary...
Moderate: Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.1 update
JBoss Enterprise Portal Platform 5.2.1, which fixes two security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which giv...
RESTEasy: XML eXternal Entity (XXE) flaw
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding JAXB input, aka an XML external entity XXE injection attack, a similar vulnerability to...