15 matches found
CVE-2013-4295
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
GHSA-6JVW-RPW4-GJ4X Apache Shindig PHP Sensitive Information Disclosure
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
Apache Shindig PHP Sensitive Information Disclosure
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
Billion Laugh Attack in https://sites.google.com
tl;dr https://sites.google.com suffered from a Billion Laugh Attack vulnerability that made the containerized environment to crash with a single invocation. Introduction Few months ago I applied for a talk at a security conference titled So you wanna be a Bug Bounty Hunter but it was rejected :...
Remote DoS Exploit on Confluence
Nir Goldshlager have discovered a vulnerability on atlassian-gadgets when parsing XMLs. Basically anyone can craft a URL containing a parameter with some XML that will make the instance run out of memory when trying to parse it. Details on the attack can be found on...
Remote DoS Exploit on Confluence
Nir Goldshlager have discovered a vulnerability on atlassian-gadgets when parsing XMLs. Basically anyone can craft a URL containing a parameter with some XML that will make the instance run out of memory when trying to parse it. Details on the attack can be found on...
Remote DoS Exploit on Confluence
Nir Goldshlager have discovered a vulnerability on atlassian-gadgets when parsing XMLs. Basically anyone can craft a URL containing a parameter with some XML that will make the instance run out of memory when trying to parse it. Details on the attack can be found on...
[CVE-2013-4295] Apache Shindig information disclosure vulnerability
CVE-2013-4295: XXE vulnerability In Apache Shindig 2.5.0 PHP Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Shindig PHP 2.5.0 Description: The gadget renderer in the PHP version of Apache Shindig is subject to an XML External Entity XXE Injection attack. The...
CVE-2013-4295
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
Xxe
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
CVE-2013-4295
CVE-2013-4295 concerns the gadget renderer in Apache Shindig 2.5.0 for PHP, which is vulnerable to an XML External Entity (XXE) injection via an XML document containing an external entity declaration. This leads to information disclosure from the gadget rendering server. Affected: Apache Shindig ...
CVE-2013-4295
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
Apache Shindig 2.5.0 XXE Injection
CVE-2013-4295: XXE vulnerability In Apache Shindig 2.5.0 PHP Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Shindig PHP 2.5.0 Description: The gadget renderer in the PHP version of Apache Shindig is subject to an XML External Entity XXE Injection attack. The...
Apache Shindig - XML External Entity Information Disclosure
Apache Shindig - XML External Entity Information Disclosure source: https://www.securityfocus.com/bid/63260/info Apache Shindig is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Apache...
Apache Shindig - XML External Entity Information Disclosure
source: https://www.securityfocus.com/bid/63260/info Apache Shindig is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Apache Shindig 2.5.0 is vulnerable. hello...