Lucene search
+L

62 matches found

BDU FSTEC
BDU FSTEC
added 2019/01/28 12:0 a.m.6 views

The vulnerability of SAP Business Process Automation platform relates to errors in restricting XML references to external objects. This allows attackers to carry out attacks by injecting external XML entities into the system.

The vulnerability of the SAP Business Process Automation BPA platform relates to errors in restricting XML references to external objects, which are obtained from unverified sources. Exploiting this vulnerability allows a malicious actor to carry out an attack by injecting external XML entities a...

5.5CVSS6.8AI score0.01678EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2019/01/02 6:29 p.m.27 views

Deserialization of untrusted data

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity XXE attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization...

7.5CVSS9.2AI score0.07524EPSS
Exploits0References32Affected Software12
BDU FSTEC
BDU FSTEC
added 2018/12/27 12:0 a.m.8 views

The vulnerability of the IBM QRadar SIEM system’s event collection and analysis process is related to improper restrictions on XML links to external objects. This allows attackers to disclose sensitive information or exploit memory resources.

The vulnerability of the IBM QRadar SIEM event collection and analysis system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to disclose protected information or utilize memory resources...

7.5CVSS7.1AI score0.01853EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2018/12/25 12:0 a.m.7 views

The vulnerability of the Castor XML software component for Cisco WebEx Meetings Server allows a attacker to disclose protected information.

The vulnerability of the Castor XML software component for Cisco WebEx Meetings Server relates to errors in restricting XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...

5.3CVSS5.4AI score
Exploits2References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/10/05 12:0 a.m.7 views

The vulnerability of the BEx Web Java Runtime Export web service of the SAP Business Intelligence software integration platform allows a perpetrator to gain access to the file system or cause a service failure.

The vulnerability of the BEx Web Java Runtime Export Web Service application of the SAP Business Intelligence software integration platform is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to gain access to the...

9CVSS5.5AI score0.01602EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/02/02 12:0 a.m.6 views

The vulnerability of the Apache XML-RPC library (ws-xmlrpc) is related to improper restrictions on XML links to external objects, which allows attackers to perform SSRF attacks.

The vulnerability of the Apache XML-RPC library ws-xmlrpc is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform SSRF attacks using specially crafted DTDs...

9.3CVSS7.8AI score0.08275EPSS
Exploits0References6Affected Software1
Packet Storm
Packet Storm
added 2016/09/07 12:0 a.m.136 views

Adobe ColdFusion 11 XML External Entity Injection

============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-4264 - APSB16-30 - Release date: 31.08.2016 - Severity: Critical ============================================= I. VULNERABILITY -------------------------...

6.4CVSS0.6AI score0.69044EPSS
Exploits7
BDU FSTEC
BDU FSTEC
added 2016/03/23 12:0 a.m.10 views

The vulnerability of the application interface of IBM WebSphere Portal servers allows a hacker to trigger a service failure or read arbitrary files.

The vulnerability of the XML parser in the IBM WebSphere Portal user interface relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to read arbitrary files or cause service failures by declaring external links that are related ...

5.5CVSS6.4AI score0.01039EPSS
Exploits0References3
Silent Robot Systems
Silent Robot Systems
added 2015/12/15 4:0 a.m.19 views

XML Entity Cheatsheet - Updated

An XML Entity testing cheatsheet. This is an updated version with nokogiri tests removed, just XXE notes. XML Declarations: 1 2 | ---|--- Vanilla entity test: 1 | &post ---|--- SYSTEM entity test xxe: 1 | ---|--- Parameter Entity. One of the benefits is a paremeter entity is automatically expande...

6.8AI score
Exploits0
CNVD
CNVD
added 2015/12/13 12:0 a.m.16 views

Apple OS X iBooks File Handling Information Disclosure Vulnerability

Apple OS X is an operating system developed by Apple Inc. A vulnerability in Apple OS X's handling of iBooks files that reference external XML entities allows attackers to exploit the vulnerability to obtain sensitive information...

5CVSS6.5AI score0.02112EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2015/05/13 12:0 a.m.60 views

WSO2 Identity Server 5.0.0 XSS / CSRF / XXE Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: WSO2 Identity Server other WSO2 Carbon based products may be affected too...

0.2AI score
Exploits0
Mageia
Mageia
added 2015/04/09 10:44 p.m.48 views

Updated jakarta-taglibs-standard packages fix CVE-2015-0254

Updated jakarta-taglibs-standard packages fix security vulnerability: David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks...

7.5CVSS9.1AI score0.1326EPSS
Exploits0References2
OSV
OSV
added 2015/04/09 10:44 p.m.9 views

MGASA-2015-0140 Updated jakarta-taglibs-standard packages fix CVE-2015-0254

Updated jakarta-taglibs-standard packages fix security vulnerability: David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks...

7.5CVSS8.9AI score0.1326EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/03/31 12:0 a.m.30 views

Ubuntu 14.04 LTS : Apache Standard Taglibs vulnerability (USN-2551-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2551-1 advisory. David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute...

7.5CVSS7.7AI score0.1326EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2015/03/30 5:25 p.m.57 views

USN-2551-1: Apache Standard Taglibs vulnerability

David Jorm discovered that the Apache Standard Taglibs incorrectly handled external XML entities. A remote attacker could possibly use this issue to execute arbitrary code or perform other external XML entity attacks...

7.5CVSS7.6AI score0.1326EPSS
Exploits0
Prion
Prion
added 2015/03/09 2:59 p.m.22 views

Xxe

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity XXE attacks via a crafted XSLT extension in a 1 or 2 JSTL XML tag...

7.5CVSS7.9AI score0.1326EPSS
Exploits0References23Affected Software2
Cvelist
Cvelist
added 2015/03/09 2:0 p.m.29 views

CVE-2015-0254

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity XXE attacks via a crafted XSLT extension in a 1 or 2 JSTL XML tag...

9.3AI score0.1326EPSS
Exploits0References23
Tenable Nessus
Tenable Nessus
added 2015/03/02 12:0 a.m.26 views

Apache Tomcat 8.0.x < 8.0.4 Multiple Vulnerabilities

Binary data 8936.pasl...

5CVSS8.5AI score0.2006EPSS
Exploits1References2
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.59 views

Enalean Tuleap 7.2 - XXE File Disclosure

No description provided by source. Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity...

4CVSS6.5AI score0.03324EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2014/05/30 12:0 a.m.47 views

Apache Tomcat 6.0.x < 6.0.40 Multiple Vulnerabilities

According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.40. It is, therefore, affected by the following vulnerabilities : - An error exists related to chunk size and chunked requests that allows denial of service attacks...

5CVSS6.7AI score0.2006EPSS
Exploits1References5
Rows per page
Query Builder