59 matches found
Adobe Acrobat and Reader XSLT Memory Corruption Vulnerability
Adobe Acrobat and Reader are the United States of America Audobee Adobe company's products. The former is a set of PDF file editing and conversion tools, the latter is a set of PDF document reading software. XSLT engine is one of the file format conversion engine. Adobe Acrobat and Reader in the...
Mozilla: Use-after-free in txExecutionState destructor during XSLT processing (MFSA 2017-11, MFSA 2017-12)
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1,...
The vulnerabilities of programs for viewing and editing PDF files such as Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud allow attackers to trigger service interruptions.
The vulnerability of XSLT services for viewing and editing PDF files in Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud is related to a memory leak. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
Mozilla: Use-after-free in nsAutoPtr during XSLT processing (MFSA 2017-11, MFSA 2017-12)
A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, allow attackers to execute arbitrary code.
The vulnerability in the XSLT programs for PDF viewing applications such as Adobe Reader and Document Cloud, as well as in PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, is related to improper type conversion. Exploiting this vulnerability allows an attacker to execute...
A vulnerability in the Mozilla SeaMonkey software product, which allows a malicious individual to execute arbitrary code.
Mozilla SeaMonkey’s software product contains a vulnerability related to an implementation error in the content protection policy when working with XSLT style sheets. Exploiting this vulnerability allows malicious actors to execute arbitrary XSLT code, despite the insufficient restrictions impose...
Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...
Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...
Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...
Camel: remote code execution via XSL
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message...
Camel: remote code execution via XSL
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message...
PT-2014-3427 · Apache · Apache Camel
Name of the Vulnerable Software and Affected Versions: Apache Camel versions 2.11.x through 2.11.3 Apache Camel versions 2.12.x through 2.12.2 Description: The issue allows remote attackers to execute arbitrary Java methods via a crafted message, potentially leading to unauthorized access and...
libxml2: double free caused by malformed XPath expression in XSLT
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression...
php: XSLT file writing vulnerability
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension...
libxml2: double-free caused by malformed XPath expression in XSLT
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling...
xmlsec1: arbitrary file creation when verifying signatures
xslt.c in XML Security Library aka xmlsec before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification...
Mozilla Integer Overflow in XSLT Node Sorting
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node...
Mozilla Integer Overflow in XSLT Node Sorting
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node...
CentOS Update for libxslt CESA-2008:0287 centos3 x86_64
Check for the Version of libxslt OpenVAS Vulnerability Test CentOS Update for libxslt CESA-2008:0287 centos3 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...