Lucene search
K

20 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2026/06/17 12:0 a.m.8 views

HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory

org.hl7.fhir.utilities.XsltUtilities exposes two parallel families of XSLT transform helpers. The transform... overloads obtain their TransformerFactory from the project's hardened helper XMLUtil.newXXEProtectedTransformerFactory which sets ACCESSEXTERNALDTD="" and ACCESSEXTERNALSTYLESHEET="". Th...

8.7CVSS5.3AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.16 views

EUVD-2007-3700

Malware in sbrugna...

9.3CVSS8.9AI score0.03554EPSS
Exploits0References15
RedHat Linux
RedHat Linux
added 2025/07/29 8:12 a.m.6 views

firefox: thunderbird: XSLT documents could bypass CSP

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: XSLT document loading incorrectly propagates the source document which bypassed its CSP...

8.1CVSS7.3AI score0.00305EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/04/23 10:23 a.m.22 views

Important: Red Hat Security Advisory: libxslt security update

An update for libxslt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.8CVSS6.8AI score0.00324EPSS
Exploits4References4
Packet Storm
Packet Storm
added 2023/12/12 12:0 a.m.395 views

Splunk XSLT Upload Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Splunk Authenticated XSLT Upload RCE', 'Description' = %q This Metasploit module exploits a Remote Code Execution RCE vulnerability in Splunk...

8.8CVSS7.4AI score0.89066EPSS
Exploits4
Veracode
Veracode
added 2019/05/02 4:43 a.m.33 views

Denial Of Service (DoS)

libxslt is a library for transforming XML files into other textual formats including HTML, plain text, and other XML representations of the underlying data using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates...

6.8CVSS10AI score0.02455EPSS
Exploits1References21Affected Software1
RedHat Linux
RedHat Linux
added 2018/01/24 10:5 a.m.6 views

Mozilla: Use-after-free when source document is manipulated during XSLT (MFSA 2018-03)

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

9.8CVSS7.3AI score0.07262EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2018/01/15 12:0 a.m.38 views

Debian DSA-4086-1 : libxml2 - security update

Nick Wellnhofer discovered that certain function calls inside XPath predicates can lead to use-after-free and double-free errors when executed by libxml2's XPath engine via an XSLT transformation. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...

8.8CVSS8AI score0.02963EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2018/01/12 12:0 a.m.48 views

Debian: Security Advisory (DSA-4086-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.5AI score0.02963EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2014/07/07 2:49 p.m.6 views

Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...

4.3CVSS6.5AI score0.06905EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.32 views

Scientific Linux Security Update : xmlsec1 on SL4.x, SL5.x i386/x86_64

A flaw was found in the way xmlsec1 handled XML files that contain an XSLT transformation specification. A specially crafted XML file could cause xmlsec1 to create or overwrite an arbitrary file while performing the verification of a file's digital signature. CVE-2011-1425 After installing the...

5.1CVSS5.5AI score0.08057EPSS
Exploits0References2
Metasploit
Metasploit
added 2011/10/18 7:39 a.m.31 views

Apple Safari Webkit libxslt Arbitrary File Creation

This module exploits a file creation vulnerability in the Webkit rendering engine. It is possible to redirect the output of a XSLT transformation to an arbitrary file. The content of the created file must be ASCII or UTF-8. The destination path can be relative or absolute. This module has been...

8.8CVSS7.6AI score0.43195EPSS
Exploits11
Exploit DB
Exploit DB
added 2011/10/18 12:0 a.m.72 views

Apple Safari Webkit - libxslt Arbitrary File Creation (Metasploit)

$Id: safarixsltoutput.rb 13987 2011-10-18 07:39:50Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

8.8CVSS7AI score0.43195EPSS
Exploits11
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.30 views

CentOS Update for xmlsec1 CESA-2011:0486 centos4 i386

Check for the Version of xmlsec1 OpenVAS Vulnerability Test CentOS Update for xmlsec1 CESA-2011:0486 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

5.1CVSS8.1AI score0.08057EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.25 views

CentOS Update for xmlsec1 CESA-2011:0486 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5.1CVSS5.2AI score0.08057EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2011/05/05 12:0 a.m.48 views

RHEL 4 / 5 : xmlsec1 (RHSA-2011:0486)

The remote Redhat Enterprise Linux 4 / 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0486 advisory. The XML Security Library is a C library based on libxml2 and OpenSSL that implements the XML Digital Signature and XML Encryption standards. A fl...

5.1CVSS5.9AI score0.08057EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2008/07/31 3:36 p.m.33 views

Moderate: Red Hat Security Advisory: libxslt security update

Updated libxslt packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxslt is a library for transforming XML files into other XML...

7.5CVSS7.7AI score0.12789EPSS
Exploits2References2
Cent OS
Cent OS
added 2008/05/22 6:9 a.m.62 views

libxslt security update

CentOS Errata and Security Advisory CESA-2008:0287-01 Updated libxslt packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. libxslt is a C library, based on libxml, for parsing of XML files into...

7.5CVSS7.5AI score0.1279EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2008/05/21 7:30 a.m.39 views

Important: Red Hat Security Advisory: libxslt security update

Updated libxslt packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. libxslt is a C library, based on libxml, for parsing of XML files into other textual formats eg HTML, plain text and other XM...

7.5CVSS7.4AI score0.1279EPSS
Exploits2References2
Packet Storm
Packet Storm
added 2007/12/29 12:0 a.m.21 views

xml2owl-exec.txt

--------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / --------------------------------------------------------------- Http://www.inj3ct-it.org Staffatinj3ct-itdotorg --------------------------------------------------------------- Remote...

7.4AI score
Exploits0
Rows per page
Query Builder