6 matches found
Apache Any23 code issue vulnerability
Apache Any23 is a library, Web service, and command-line tool from the Apache Foundation, USA. It can extract structured data in RDF format from a variety of Web documents.Any23 versions prior to 2.7 contain a code issue vulnerability that could be exploited by an attacker to interfere with an...
CVE-2022-25312
An XML external entity XXE injection vulnerability was discovered in the Any23 RDFa XSLTStylesheet extractor and is known to affect Any23 versions 2.7. XML external entity injection also known as XXE is a web security vulnerability that allows an attacker to interfere with an application's...
in yeswiki/yeswiki
Description Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker to inject javascript code via SVG...
CVE-2021-23901
An XML external entity XXE injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions 1.18. XML external entity injection also known as XXE is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. ...
SQL injection tactics revealed
SQL injection attacks have become the most reliable way for hackers to gain access to valuable data on back-end systems, with many high-profile Web sites falling victim to the technique over the last couple of years. The attacks themselves are fairly straightforward, but the results can be...
Cross site scripting via HTML attributes in the back end
More info at https://contao.org/en/security-advisories/cross-site-scripting-via-html-attributes-in-the-back-end.html...