20 matches found
HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory
org.hl7.fhir.utilities.XsltUtilities exposes two parallel families of XSLT transform helpers. The transform... overloads obtain their TransformerFactory from the project's hardened helper XMLUtil.newXXEProtectedTransformerFactory which sets ACCESSEXTERNALDTD="" and ACCESSEXTERNALSTYLESHEET="". Th...
EUVD-2007-3700
Malware in sbrugna...
firefox: thunderbird: XSLT documents could bypass CSP
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: XSLT document loading incorrectly propagates the source document which bypassed its CSP...
Important: Red Hat Security Advisory: libxslt security update
An update for libxslt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
Splunk XSLT Upload Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Splunk Authenticated XSLT Upload RCE', 'Description' = %q This Metasploit module exploits a Remote Code Execution RCE vulnerability in Splunk...
Denial Of Service (DoS)
libxslt is a library for transforming XML files into other textual formats including HTML, plain text, and other XML representations of the underlying data using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates...
Mozilla: Use-after-free when source document is manipulated during XSLT (MFSA 2018-03)
A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...
Debian DSA-4086-1 : libxml2 - security update
Nick Wellnhofer discovered that certain function calls inside XPath predicates can lead to use-after-free and double-free errors when executed by libxml2's XPath engine via an XSLT transformation. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...
Debian: Security Advisory (DSA-4086-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...
Scientific Linux Security Update : xmlsec1 on SL4.x, SL5.x i386/x86_64
A flaw was found in the way xmlsec1 handled XML files that contain an XSLT transformation specification. A specially crafted XML file could cause xmlsec1 to create or overwrite an arbitrary file while performing the verification of a file's digital signature. CVE-2011-1425 After installing the...
Apple Safari Webkit libxslt Arbitrary File Creation
This module exploits a file creation vulnerability in the Webkit rendering engine. It is possible to redirect the output of a XSLT transformation to an arbitrary file. The content of the created file must be ASCII or UTF-8. The destination path can be relative or absolute. This module has been...
Apple Safari Webkit - libxslt Arbitrary File Creation (Metasploit)
$Id: safarixsltoutput.rb 13987 2011-10-18 07:39:50Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
CentOS Update for xmlsec1 CESA-2011:0486 centos4 i386
Check for the Version of xmlsec1 OpenVAS Vulnerability Test CentOS Update for xmlsec1 CESA-2011:0486 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for xmlsec1 CESA-2011:0486 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
RHEL 4 / 5 : xmlsec1 (RHSA-2011:0486)
The remote Redhat Enterprise Linux 4 / 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0486 advisory. The XML Security Library is a C library based on libxml2 and OpenSSL that implements the XML Digital Signature and XML Encryption standards. A fl...
Moderate: Red Hat Security Advisory: libxslt security update
Updated libxslt packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxslt is a library for transforming XML files into other XML...
libxslt security update
CentOS Errata and Security Advisory CESA-2008:0287-01 Updated libxslt packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. libxslt is a C library, based on libxml, for parsing of XML files into...
Important: Red Hat Security Advisory: libxslt security update
Updated libxslt packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. libxslt is a C library, based on libxml, for parsing of XML files into other textual formats eg HTML, plain text and other XM...
xml2owl-exec.txt
--------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg --------------------------------------------------------------- Remote...