Lucene search
K

92 matches found

CVE
CVE
added 2019/05/28 5:8 p.m.120 views

CVE-2018-17198

CVE-2018-17198 describes a Server-Side Request Forgery (SSRF) and File Enumeration flaw in Apache Roller 5.2.1, 5.2.0 and earlier . The issue arises because the Java SAX Parser used for the XML-RPC interface allows external entities in XML DOCTYPE by default, enabling SSRF/File Enumeration even w...

9.8CVSS9.4AI score0.04124EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/02/24 12:0 a.m.11 views

mxgraph mxGraphViewImageReader.java file XML external entity vulnerability

mxGraph is a JavaScript charting library . A security vulnerability in the mxGraphViewImageReader.java file in versions prior to mxGraph 3.7.6 stems from a SAXParserFactory instance in the 'convert' function that lacks the user blocking XML external entity injection attacks with a status flag...

9.8CVSS7.1AI score0.02954EPSS
Exploits1References1
CVE
CVE
added 2017/07/19 3:0 p.m.89 views

CVE-2016-6798

In Apache Sling, the XSS Protection API module is affected: versions before 1.0.12 use an insecure SAX parser in XSS.getValidXML(), enabling XML External Entity (XXE) attacks. This can allow attackers to read filesystem data, enable SSRF, perform port scanning behind a firewall, or cause DoS. Pub...

9.8CVSS8.9AI score0.03669EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2017/07/18 6:40 p.m.23 views

XML External Entity (XXE) Processing

Apache Sling XSS protection is vulnerable to XML External Entity XXE processing attacks. The library uses an insecure SAX parser to validate strings, allowing a malicious user to read sensitive data in the filesystem, conduct port-scanning behind the firewall or execute arbitrary code...

9.8CVSS9.1AI score0.03669EPSS
Exploits0References3Affected Software1
Fedora
Fedora
added 2016/04/06 2:13 p.m.17 views

[SECURITY] Fedora 24 Update: nodejs-node-expat-2.3.11-8.fc24

Fast libexpat XML SAX parser binding for Node.js...

2.8AI score
Exploits0
OSV
OSV
added 2014/12/31 12:28 p.m.5 views

MGASA-2014-0556 Updated castor packages fix CVE-2014-3004

Updated castor packages fix security vulnerability: The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document CVE-2014-3004...

4.3CVSS6.2AI score0.07794EPSS
Exploits3References3
Mageia
Mageia
added 2014/12/31 12:28 p.m.42 views

Updated castor packages fix CVE-2014-3004

Updated castor packages fix security vulnerability: The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document CVE-2014-3004...

4.3CVSS8.7AI score0.07794EPSS
Exploits3References2
NVD
NVD
added 2014/06/11 2:55 p.m.12 views

CVE-2014-3004

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...

4.3CVSS8.1AI score0.07794EPSS
Exploits3References8
Prion
Prion
added 2014/06/11 2:55 p.m.17 views

Xxe

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...

4.3CVSS6.7AI score0.07794EPSS
Exploits3References8Affected Software2
OSV
OSV
added 2014/06/11 2:55 p.m.3 views

UBUNTU-CVE-2014-3004

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...

4.3CVSS7.1AI score0.07794EPSS
Exploits3References4
CVE
CVE
added 2014/06/11 2:0 p.m.103 views

CVE-2014-3004

CVE-2014-3004 affects the Castor Library: the default configuration of the Xerces SAX Parser in Castor prior to version 1.3.3 allows XML External Entity (XXE) processing via crafted XML, enabling context-dependent attackers to disclose sensitive information. The issue is mitigated by upgrading Ca...

4.3CVSS8.9AI score0.07794EPSS
Exploits3References8Affected Software1
seebug.org
seebug.org
added 2010/10/08 12:0 a.m.30 views

Apache XML-RPC信息泄露漏洞

Apache XML-RPC是一种Java语言的XML-RPC协议实现。 Apache XML-RPC的实现上存在设计问题,远程攻击者可能利用来从服务端获取敏感信息。 Apache XML-RPC的SAX解析器允许包含外部资源,恶意客户端可能利用这个机制把服务器上资源包含进来。 Apache Group Apache XML-RPC 3.x Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://ws.apache.org/xmlrpc/changes-report.htmla3.1.3...

7.1AI score
Exploits0
Rows per page
Query Builder