200 matches found
CVE-2014-3146
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting XSS attacks via control characters in the link scheme to the cleanhtml function...
UBUNTU-CVE-2014-0191
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation i...
USN-1904-1: libxml2 vulnerabilities
It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. This issue only affected Ubuntu 10.04 LTS,...
[USN-1817-1] libxml2 vulnerability
========================================================================== Ubuntu Security Notice USN-1817-1 May 07, 2013 libxml2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
USN-1817-1: libxml2 vulnerability
It was discovered that libxml2 incorrectly handled memory management when parsing certain XML files. An attacker could use this flaw to cause libxml2 to crash, resulting in a denial of service, or to possibly execute arbitrary code...
CVE-2013-1664
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service resource consumption and crash via an XML...
libxml2: double-free in XPath processing code
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling...
Microsoft Windows multiple security vulnerabilities
Print spooler service code execution, XML library integer overflow and memory corruption, multiple .Net vulnerabilities, Win32K privilege escalation SSL/TLS library protection bypass, Open Data Protocol DoS...
http-proxy-brute NSE Script
Performs brute force password guessing against HTTP proxy servers. Script Arguments http-proxy-brute.url sets an alternative URL to use when brute forcing default: http-proxy-brute.method changes the HTTP method to use when performing brute force guessing default: HEAD creds.service, creds.global...
Solaris Update for XML library source 114876-01
Check for the Version of XML library source OpenVAS Vulnerability Test Solaris Update for XML library source 114876-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...
Solaris Update for XML library source 114875-01
Check for the Version of XML library source OpenVAS Vulnerability Test Solaris Update for XML library source 114875-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...
Solaris Update for XML library source 114876-01
Check for the Version of XML library source OpenVAS Vulnerability Test Solaris Update for XML library source 114876-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...
Solaris Update for XML library source 114875-01
Check for the Version of XML library source OpenVAS Vulnerability Test Solaris Update for XML library source 114875-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...
Debian Security Advisory DSA 1666-1 (libxml2)
The remote host is missing an update to libxml2 announced via advisory DSA 1666-1. OpenVAS Vulnerability Test $Id: deb16661.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1666-1 libxml2 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
Debian DSA-1666-1 : libxml2 - several vulnerabilities
Several vulnerabilities have been discovered in the GNOME XML library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-4225 Drew Yao discovered that missing input sanitising in the xmlBufferResize function may lead to an infinite loop, resulting in...
[SECURITY] [DSA 1666-1] New libxml2 packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1666-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 17, 2008 http://www.debian.org/security/faq -...
DSA-1631-1 libxml2 - denial of service
Bulletin has no description...
Ubuntu 4.10 : XML library vulnerabilities (USN-10-1)
Several buffer overflows have been discovered in libxml2's FTP connection and DNS resolution functions. Supplying very long FTP URLs or IP addresses might result in execution of arbitrary code with the privileges of the process using libxml2. Since libxml2 is used in packages like php4-imagick, t...
Solaris 9 (x86) : 114876-01
SunOS 5.9x86: XML library source patch. Date this patch was last updated by Sun : Apr/22/03 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Solaris 9 (sparc) : 114875-01
SunOS 5.9: XML library source patch. Date this patch was last updated by Sun : Apr/22/03 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if descriptio...