
93 matches found

Tenable Nessus
added 2017/03/31 12:0 a.m., 16 views

XPath Injection

XML Path Language (XPath) queries are used by web applications for selecting nodes from XML documents. Once selected, the value of these nodes can then be used by the application. A simple example for the use of XML documents is to store user information. As part of the authentication process, the...

7.8 AI score
Exploits: 0, References: 2

OSV
added 2016/11/19 6:59 a.m., 4 views

CVE-2016-9149

The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a...

6.5 CVSS, 6.7 AI score, 0.0204 EPSS
Exploits: 0, References: 3

RedHat Linux
added 2015/12/07 8:46 p.m., 6 views

Camel: XXE via XPath expression evaluation

It was found that Apache Camel performed XML External Entity (XXE) expansion when evaluating invalid XML Strings or invalid XML GenericFile objects. A remote attacker able to submit a crafted XML message could use this flaw to read files accessible to the user running the application server, and...

5 CVSS, 5.8 AI score, 0.07088 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2015/08/03 7:41 p.m., 9 views

Camel: XXE via XPath expression evaluation

It was found that Apache Camel performed XML External Entity (XXE) expansion when evaluating invalid XML Strings or invalid XML GenericFile objects. A remote attacker able to submit a crafted XML message could use this flaw to read files accessible to the user running the application server, and...

5 CVSS, 5.8 AI score, 0.07088 EPSS
Exploits: 0, References: 5

Cvelist
added 2014/05/21 2:0 p.m., 17 views

CVE-2014-3806

Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlpath parameter...

6.6 AI score, 0.07651 EPSS
Exploits: 1, References: 5

securityvulns
added 2014/05/10 12:0 a.m., 50 views

Directory Traversal Vulnerability in VMTurbo Operations Manager 4.5 or earlier

Product: VM Turbo Operations Manager; Vendor: VM Turbo; Vulnerable Versions: 4.5.x and earlier; Tested Version: 4.0; Advisory Publication: April 11, 2014; Vendor Notification: April 11, 2014; Public Disclosure: May 8, 2014; Vulnerability Type: Directory Traversal; Discovered and Provided: Jamal Pecou Securit...

0.8 AI score
Exploits: 0

RedHat Linux
added 2013/01/31 7:14 p.m., 8 views

libxml2: double-free in XPath processing code

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling...

7.5 CVSS, 7.1 AI score, 0.07533 EPSS
Exploits: 1, References: 4

RedHat Linux
added 2013/01/31 7:14 p.m., 6 views

libxml2: double free caused by malformed XPath expression in XSLT

Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression...

7.5 CVSS, 6 AI score, 0.01991 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2013/01/31 7:14 p.m., 4 views

libxml2: double-free caused by malformed XPath expression in XSLT

Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling...

6.8 CVSS, 7.5 AI score, 0.02129 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2012/01/11 5:43 p.m., 6 views

libxml2: double-free caused by malformed XPath expression in XSLT

Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling...

6.8 CVSS, 7.5 AI score, 0.02129 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2011/12/05 7:54 p.m., 5 views

libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a...

4.3 CVSS, 6.5 AI score, 0.03133 EPSS
Exploits: 1, References: 4

OSV
added 2011/08/29 3:55 p.m., 2 views

DEBIAN-CVE-2011-2821

Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression...

7.5 CVSS, 7.4 AI score, 0.01991 EPSS
Exploits: 0, References: 1

rdot
added 2010/10/21 12:0 a.m., 34 views

MSSQL SQL Injection

Error output. http://site.com/script.asp?id=5's Code: Microsoft OLE DB Provider for SQL Server error '80040e14' MicrosoftODBC SQL Server DriverSQL ServerUnclosed quotation mark after the character string '5's'. /file.asp, line 1000 The errors can vary, depending on what is processing the mssq...

Exploits: 0