Command injection
A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been...
CVE-2023-1277 kylin-system-updater Update InstallSnap command injection
A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been...
Sql injection
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/registrations/updatestatus.php of the component Status Update Handler. The manipulation of the argument id leads to sql injection...
PT-2023-16662 · Sourcecodester · Sourcecodester Yoga Class Registration System
Name of the Vulnerable Software and Affected Versions: SourceCodester Yoga Class Registration System version 1.0. Description: A critical issue affects the Status Update Handler component, specifically the file admin/registrations/update status.php. The manipulation of the id argument leads to SQL...
Apache Solr vulnerable to XML Bomb
Solr versions prior to 5.0.0 are vulnerable to an XML resource consumption attack a.k.a. Lol Bomb via its update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs...
GHSA-JQ2W-W7V2-69Q5 Apache Solr vulnerable to XML Bomb
Solr versions prior to 5.0.0 are vulnerable to an XML resource consumption attack a.k.a. Lol Bomb via its update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs...
CVE-2003-5003
A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may ...
CVE-2003-5003
The CVE-2003-5003 entry concerns IBM ISS BlackICE PC Protection. Affected component: the Update Handler. Root cause: manipulation of an unknown input leads to cross-site scripting. Impact: potential remote exploitation with constrained integrity/availability (per sources, XSS could affect a clien...
CVE-2003-5003 ISS BlackICE PC Protection Update cross site scripting
A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may ...
CVE-2003-5002 ISS BlackICE PC Protection Update cleartext transmission
A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
PT-2022-7715 · Ibm · Blackice Pc Protection
Name of the Vulnerable Software and Affected Versions: ISS BlackICE PC Protection, affected versions not specified. Description: A vulnerability was found in the Update Handler component of ISS BlackICE PC Protection, allowing cleartext transmission of data. This issue is declared as problematic an...
IBM ISS BlackICE PC Security Vulnerability
IBM ISS BlackICE PC is a personal firewall/IDS for Windows desktops from International Business Machines (IBM). A security vulnerability exists in IBM ISS BlackICE PC Protection that originates in the Update Handler component, which allows data to be transmitted in clear text...
PT-2022-7716 · Ibm · Blackice Pc Protection
Name of the Vulnerable Software and Affected Versions: ISS BlackICE PC Protection, affected versions not specified. Description: A problem was found in the Update Handler of ISS BlackICE PC Protection, which can be exploited through cross site scripting by manipulating an unknown input. This issue...
GSD-2021-1001059 net/mlx5e: Fix use-after-free of encap entry in neigh update handler
net/mlx5e: Fix use-after-free of encap entry in neigh update handler This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...
UVI-2021-1001059 net/mlx5e: Fix use-after-free of encap entry in neigh update handler
net/mlx5e: Fix use-after-free of encap entry in neigh update handler This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...
CVE-2019-12401
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack a.k.a. Lol Bomb via its update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML...
Design/Logic Flaw
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack a.k.a. Lol Bomb via its update handler. By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML...
PT-2019-12786 · Apache · Solr
Name of the Vulnerable Software and Affected Versions: Solr versions 1.3.0 through 1.4.1; Solr versions 3.1.0 through 3.6.2; Solr versions 4.0.0 through 4.10.4; Solr versions prior to 5.0.0. Description: The issue allows for an XML resource consumption attack, also known as a Lol Bomb, via the update...
UBUNTU-CVE-2012-6612
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different...