93 matches found
XPath Injection
XML Path Language XPath queries are used by web applications for selecting nodes from XML documents. Once selected, the value of these nodes can then be used by the application. A simple example for the use of XML documents is to store user information. As part of the authentication process, the...
CVE-2016-9149
The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a...
Camel: XXE via XPath expression evaluation
It was found that Apache Camel performed XML External Entity XXE expansion when evaluating invalid XML Strings or invalid XML GenericFile objects. A remote attacker able to submit a crafted XML message could use this flaw to read files accessible to the user running the application server, and...
Camel: XXE via XPath expression evaluation
It was found that Apache Camel performed XML External Entity XXE expansion when evaluating invalid XML Strings or invalid XML GenericFile objects. A remote attacker able to submit a crafted XML message could use this flaw to read files accessible to the user running the application server, and...
CVE-2014-3806
Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. dot dot in the xmlpath parameter...
Directory Traversal Vulnerability in VMTurbo Operations Manager 4.5 or earlier
Product: VM Turbo Operations Manager Vendor: VM Turbo Vulnerable Versions: 4.5.x earlier Tested Version: 4.0 Advisory Publication: April 11, 2014 Vendor Notification: April 11, 2014 Public Disclosure: May 8, 2014 Vulnerability Type: Directory Traversal Discovered and Provided: Jamal Pecou Securit...
libxml2: double-free in XPath processing code
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling...
libxml2: double free caused by malformed XPath expression in XSLT
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression...
libxml2: double-free caused by malformed XPath expression in XSLT
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling...
libxml2: double-free caused by malformed XPath expression in XSLT
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling...
libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service application crash via a...
DEBIAN-CVE-2011-2821
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression...
MSSQL SQL Injection
Вывод ошибок. http://site.com/script.asp?id=5's Код: Microsoft OLE DB Provider for SQL Server error '80040e14' MicrosoftODBC SQL Server DriverSQL ServerUnclosed quotation mark after the character string '5's'. /file.asp, line 1000 Ошибки могут быть разные, в зависимости на чем обрабатывается mssq...