268 matches found
CVE-2023-38207
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...
Design/Logic Flaw
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...
CVE-2023-38207
Summary: CVE-2023-38207 affects Adobe Commerce (Magento) across multiple 2.4.x releases due to an XML Injection (Blind XPath Injection) flaw that can allow reading of minor arbitrary files from the filesystem without user interaction. Affected: 2.4.6-p1 and earlier, 2.4.5-p3 and earlier, 2.4.4-p4...
CVE-2023-38207 Adobe Commerce XML Injection (aka Blind XPath Injection) Arbitrary file system read
Adobe Commerce versions 2.4.6-p1 and earlier, 2.4.5-p3 and earlier and 2.4.4-p4 and earlier are affected by a XML Injection aka Blind XPath Injection vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction...
The vulnerability of the ezxml_parse_str function in the ezXML XML document syntax analysis library allows a attacker to cause a service failure.
The vulnerability of the ezxmlparsestr function in the ezXML XML syntax analysis library is related to the exploitation of xml blind xpath injection. Exploiting this vulnerability allows a malicious actor to cause service failures using a specially created XML file...
OSV-2023-518 Security exception in com.code_intelligence.jazzer.sanitizers.XPathInjection.checkXpathExecute
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60148 Crash type: Security exception Crash state: com.codeintelligence.jazzer.sanitizers.XPathInjection.checkXpathExecute org.hamcrest.xml.HasXPath.compiledXPath org.hamcrest.xml.HasXPath...
PT-2023-35886 · Unknown · Com.Code Intelligence.Jazzer.Sanitizers.Xpathinjection +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash was reported, involving the checkXpathExecute function from com.code intelligence.jazzer.sanitizers.XPathInjection, and the...
The vulnerability in the web interface of the Juniper Networks Junos OS operating system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability in the J-Web web interface of the Juniper Networks Junos OS system is related to improper input validation. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information by adding an XPath command to the XPath stream...
ruby-saml vulnerable to XPath injection
xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...
GHSA-R364-2PJ4-PF7F ruby-saml vulnerable to XPath injection
xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...
CVE-2015-20108
xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...
CVE-2015-20108
xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...
DEBIAN-CVE-2015-20108
xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...
CVE-2015-20108
xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...
Design/Logic Flaw
xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...
OneLogin ruby-saml 命令注入漏洞
Onelogin OneLogin ruby-saml is a Ruby-based SAML Security Assertion Markup Language library for Single Sign-On SSO services from Onelogin, USA. A security vulnerability exists in OneLogin ruby-saml prior to version 1.0.0, which stems from not using pre-defined statements, causing xmlsecurity.rb i...
CVE-2015-20108
xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...
CVE-2015-20108
The CVE-2015-20108 issue affects the ruby-saml gem prior to 1.0.0, where xml_security.rb enables XPath injection and code execution because prepared statements are not used. Affected component: ruby-saml XML security handling. Root cause: lack of prepared statements in XPath processing leads to i...
CVE-2015-20108
xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...
Concrete5 CME v9.1.3 - Xpath injection Vulnerability
Exploit Title: Concrete5 CME v9.1.3 - Xpath injection Author: nu11secur1ty Vendor: https://www.concretecms.org/ Software: https://www.concretecms.org/download Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3 Description: The URL...