21 matches found
expat: internal entity expansion
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XMLSetEntityDeclHandler function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers, or read arbitrary files via a...
expat: internal entity expansion
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XMLSetEntityDeclHandler function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers, or read arbitrary files via a...
expat: internal entity expansion
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XMLSetEntityDeclHandler function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers, or read arbitrary files via a...
expat: internal entity expansion
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XMLSetEntityDeclHandler function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers, or read arbitrary files via a...
Siemens SIMATIC S7-1500 Improper Restriction of XML External Entity Reference (CVE-2013-0340)
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XMLSetEntityDeclHandler function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers, or read arbitrary files via a...
EUVD-2017-0526
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2012-5657
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 1 ZendFeedRss and 2 ZendFeedAtom classes in ZendFeed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitra...
SUSE CVE-2013-0339
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers,...
SUSE CVE-2013-0340
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XMLSetEntityDeclHandler function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers, or read arbitrary files via a...
SUSE CVE-2013-1915
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity XXE vulnerability...
CVE-2021-37498
An SSRF issue was discovered in Reprise License Manager RLM web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function...
expat: internal entity expansion
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XMLSetEntityDeclHandler function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers, or read arbitrary files via a...
OESA-2021-1261 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the...
CVE-2016-4264
The Office Open XML OOXML feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a crafted OOXML spreadsheet containing an external entity declaration in conjunction with an entity...
Endress+Hauser FieldCare CodeWrights HART Comm DTM Component Arbitrary File Read Vulnerability
Endress+Hauser FieldCare is a suite of applications for managing the FDT/DTM framework.CodeWrights HART Comm DTM is a component for providing communication protocol information to the FDT/DTM framework application. A security vulnerability in the CodeWrights HART Comm DTM group used by...
UBUNTU-CVE-2015-1833
XML external entity XXE vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request...
DEBIAN-CVE-2013-0339
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers,...
DEBIAN-CVE-2013-0340
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XMLSetEntityDeclHandler function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers, or read arbitrary files via a...
PT-2014-1964 · Libxml2 +2 · Libxml2 +2
Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.9.2 Description: The issue is related to the handling of external entities expansion in libxml2, which can be exploited by remote attackers to cause a denial of service, send HTTP requests to intranet servers, or...
DEBIAN-CVE-2013-1915
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity XXE vulnerability...