CVE-2021-21366
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...
08cms (=1.0.0), 0uth (>=1.0.5 <=1.2.1) +11270 more potentially affected by CVE-2021-21366 via xmldom (>=0.1.11 <=0.4.0)
xmldom NPM version =0.1.11, =1.0.5, =1.0.0, =1.0.0, =1.7.3, =0.1.0, =0.0.2, =0.0.1, =1.0.23, =1.0.0, =0.0.3, =0.1.0, =6.0.0-rc.0 and more Source cves: CVE-2021-21366 Source advisory: SNYK:JS-XMLDOM-1084960...
XML External Entity (XXE) Injection
Overview: xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. Does not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and...
MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure
This module will use the Microsoft XMLDOM object to enumerate a remote machine's filenames. It will try to do so against Internet Explorer 8 and Internet Explorer 9. To use it, you must supply your own list of file paths. Each file path should look like this: c:\\windows\\system32\\calc.exe This...
Microsoft Internet Explorer Resource Information Disclosure (MS14-052; CVE-2013-7331)
An information disclosure vulnerability exists in Internet Explorer. This vulnerability is caused when the XMLDOM ActiveX control allows local resources to be enumerated. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of...
Microsoft Internet Explorer Multiple Vulnerabilities (2977629)
This host is missing a critical security update according to Microsoft Bulletin MS14-052. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2013-7331
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild ...
CVE-2013-7332
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity...
Design/Logic Flaw
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity...
CVE-2013-7332
Technical details about CVE-2013-7332 are not provided in the connected documents. The sources mention related XML entity expansion issues (e.g., CVE-2009-2473) but no vendor/product/version specifics for this CVE.
CVE-2013-7331
CVE-2013-7331 is an information-disclosure vulnerability in the Microsoft XMLDOM ActiveX control used by Internet Explorer on Windows (XMLDOM object). The flaw allows an attacker to determine the existence of local pathnames, UNC shares, intranet hostnames, and intranet IP addresses by inspecting...
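Microsoft XMLDOM ActiveX Control Multiple Information Disclosure Vulnerabilities
BUGTRAQ ID: 65601 The Microsoft XMLDOM ActiveX control is an ActiveX control that runs inside IE. Certain methods in the Microsoft.XMLDOM ActiveX control have an information disclosure flaw in their implementation: by examining the error codes of the Microsoft.XMLDOM control, an attacker can determine local drive names, directory names, files, internal network addresses and similar information. The vulnerability affects IE versions 6-11. 0 Microsoft Internet Explorer 6-11 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...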
[Full-disclosure] MS07-042 XMLDOM substringData() PoC
This bit of JavaScript kills IE 6 on Windows 2000 and Windows XP SP2 var xmlDoc = new ActiveXObject("Microsoft.XMLDOM"); xmlDoc.loadXML("dummy/dummy"); var txt = xmlDoc.createTextNode("huh"); var out = txt.substringData(1,0x7fffffff); Installing the patch from MS07-042 fixes it. Cheers, Alla Bezroutchko...
[VulnWatch] administrivia: cross-site tracing
There's been a lot of back and forth about the recent WhiteHat Security XST bug. Sensationalism aside, the fact still remains: 1. Access to cookies, particularly the 'httponly' add-on by IE, is limited by browser security restrictions. And I don't recall any browser being able to legitimately...