119 matches found
CVE-2019-0234
Summary: CVE-2019-0234 is a reflected XSS in Apache Roller caused by Roller's Math Comment Authenticator not properly sanitizing input. Affected versions include Roller 5.2.1–5.2.2 (and related 5.2.x builds) prior to 5.2.3. Impact: attacker-controlled input could trigger reflected XSS. Mitigation...
CVE-2019-0234
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not properly sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of...
Server side request forgery (ssrf)
Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / Fil...
CVE-2018-17198
Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / Fil...
CVE-2018-17198
CVE-2018-17198 describes a Server-Side Request Forgery (SSRF) and File Enumeration flaw in Apache Roller 5.2.1, 5.2.0 and earlier. The issue arises because the Java SAX Parser used for the XML-RPC interface allows external entities in XML DOCTYPE by default, enabling SSRF/File Enumeration even w...
Apache Roller File Disclosure
File disclosure vulnerability via XXE in Apache Roller. Vulnerability Type: File Disclosure. For the exploit source code contact DSquare Security sales team...
Apache Roller 5.0.3 XML Injection / File Disclosure
Exploit Title: Apache Roller 5.0.3 - XML External Entity Injection File Disclosure Google Dork: intext:"apache roller weblogger version vulnerableversionnumber" Date: 2018-09-05 Exploit Author: Marko Jokic Contact: http://twitter.com/MarkoJokic Vendor Homepage: http://roller.apache.org/ Software...
Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)
Apache Roller 5.0.3 - XML External Entity Injection File Disclosure Exploit Title: Apache Roller 5.0.3 - XML External Entity Injection File Disclosure Google Dork: intext:"apache roller weblogger version vulnerableversionnumber" Date: 2018-09-05 Exploit Author: Marko Jokic Contact:...
Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)
Exploit Title: Apache Roller 5.0.3 - XML External Entity Injection File Disclosure Google Dork: intext:"apache roller weblogger version vulnerableversionnumber" Date: 2018-09-05 Exploit Author: Marko Jokic Contact: http://twitter.com/MarkoJokic Vendor Homepage: http://roller.apache.org/ Software...
Apache Roller 5.0.3 - XML External Entity Injection Exploit
Exploit for linux platform in category web applications Exploit Title: Apache Roller 5.0.3 - XML External Entity Injection File Disclosure Google Dork: intext:"apache roller weblogger version vulnerableversionnumber" Exploit Author: Marko Jokic Contact: http://twitter.com/MarkoJokic Vendor...
Apache Roller < 5.0.3 XXE Vulnerability
Apache Roller is prone to an XML external entity (XXE) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:roller...
Apache Roller < 5.0.2 Multiple Vulnerabilities
Apache Roller is prone to code execution and cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache Roller XML-RPC protocol support XML injection vulnerability
Apache Roller is a feature-rich multi-user blogging platform from the Apache Software Foundation in the United States. XML-RPC protocol support is one of its components, providing support for the XML-RPC transport protocol. A security vulnerability exists in the XML-RPC protocol support in Apache Roller versions...
CVE-2014-0030
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors...
XXE
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors...
PT-2017-5767 · Apache · Apache Roller
Name of the Vulnerable Software and Affected Versions: Apache Roller versions prior to 5.0.3. Description: The issue allows attackers to conduct XML External Entity (XXE) attacks. XXE attacks occur when an application parses XML input that contains malicious external entities, which can lead to the...
Apache Roller Arbitrary Java Code Execution Vulnerability
Apache Roller is a feature-rich multi-user blogging platform from the Apache Software Foundation in the United States. A security vulnerability exists in the weblog page template in Apache Roller versions 5.1 through 5.1.1. The vulnerability can be exploited by a remote attacker to execute...