62 matches found
The vulnerability of SAP Business Process Automation platform relates to errors in restricting XML references to external objects. This allows attackers to carry out attacks by injecting external XML entities into the system.
The vulnerability of the SAP Business Process Automation BPA platform relates to errors in restricting XML references to external objects, which are obtained from unverified sources. Exploiting this vulnerability allows a malicious actor to carry out an attack by injecting external XML entities a...
Deserialization of untrusted data
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity XXE attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization...
The vulnerability of the IBM QRadar SIEM system’s event collection and analysis process is related to improper restrictions on XML links to external objects. This allows attackers to disclose sensitive information or exploit memory resources.
The vulnerability of the IBM QRadar SIEM event collection and analysis system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to disclose protected information or utilize memory resources...
The vulnerability of the Castor XML software component for Cisco WebEx Meetings Server allows a attacker to disclose protected information.
The vulnerability of the Castor XML software component for Cisco WebEx Meetings Server relates to errors in restricting XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
The vulnerability of the BEx Web Java Runtime Export web service of the SAP Business Intelligence software integration platform allows a perpetrator to gain access to the file system or cause a service failure.
The vulnerability of the BEx Web Java Runtime Export Web Service application of the SAP Business Intelligence software integration platform is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to gain access to the...
The vulnerability of the Apache XML-RPC library (ws-xmlrpc) is related to improper restrictions on XML links to external objects, which allows attackers to perform SSRF attacks.
The vulnerability of the Apache XML-RPC library ws-xmlrpc is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform SSRF attacks using specially crafted DTDs...
Adobe ColdFusion 11 XML External Entity Injection
============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-4264 - APSB16-30 - Release date: 31.08.2016 - Severity: Critical ============================================= I. VULNERABILITY -------------------------...
The vulnerability of the application interface of IBM WebSphere Portal servers allows a hacker to trigger a service failure or read arbitrary files.
The vulnerability of the XML parser in the IBM WebSphere Portal user interface relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to read arbitrary files or cause service failures by declaring external links that are related ...
XML Entity Cheatsheet - Updated
An XML Entity testing cheatsheet. This is an updated version with nokogiri tests removed, just XXE notes. XML Declarations: 1 2 | ---|--- Vanilla entity test: 1 | &post ---|--- SYSTEM entity test xxe: 1 | ---|--- Parameter Entity. One of the benefits is a paremeter entity is automatically expande...
Apple OS X iBooks File Handling Information Disclosure Vulnerability
Apple OS X is an operating system developed by Apple Inc. A vulnerability in Apple OS X's handling of iBooks files that reference external XML entities allows attackers to exploit the vulnerability to obtain sensitive information...
WSO2 Identity Server 5.0.0 XSS / CSRF / XXE Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: WSO2 Identity Server other WSO2 Carbon based products may be affected too...
Updated jakarta-taglibs-standard packages fix CVE-2015-0254
Updated jakarta-taglibs-standard packages fix security vulnerability: David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks...
MGASA-2015-0140 Updated jakarta-taglibs-standard packages fix CVE-2015-0254
Updated jakarta-taglibs-standard packages fix security vulnerability: David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks...
Ubuntu 14.04 LTS : Apache Standard Taglibs vulnerability (USN-2551-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2551-1 advisory. David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute...
USN-2551-1: Apache Standard Taglibs vulnerability
David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks...
Xxe
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity XXE attacks via a crafted XSLT extension in a 1 or 2 JSTL XML tag...
CVE-2015-0254
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity XXE attacks via a crafted XSLT extension in a 1 or 2 JSTL XML tag...
Apache Tomcat 8.0.x < 8.0.4 Multiple Vulnerabilities
Binary data 8936.pasl...
Enalean Tuleap 7.2 - XXE File Disclosure
No description provided by source. Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity...
Apache Tomcat 6.0.x < 6.0.40 Multiple Vulnerabilities
According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.40. It is, therefore, affected by the following vulnerabilities : - An error exists related to chunk size and chunked requests that allows denial of service attacks...