149 matches found
CVE-2018-7833
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable...
Nokogiri vulnerable to libxml XML Entity Expansion
The xmlreader in libxml allows remote attackers to cause a denial of service memory consumption via crafted XML data, related to an XML Entity Expansion XEE attack...
GHSA-Q7WX-62R7-J2X7 Nokogiri vulnerable to libxml XML Entity Expansion
The xmlreader in libxml allows remote attackers to cause a denial of service memory consumption via crafted XML data, related to an XML Entity Expansion XEE attack...
Xxe
XML external entity XXE vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data...
Geist WatchDog Console XML External Entity Injection Vulnerability
Geist WatchDog Console is a suite of environmental monitoring software from Geist USA. An XML external entity injection vulnerability exists in Geist WatchDog Console version 3.2.2. A remote attacker can exploit this vulnerability to read arbitrary files with specially crafted XML data...
Xxe
Multiple XML external entity XXE vulnerabilities in 1 CQWeb / CM Server, 2 ClearQuest Native client, 3 ClearQuest Eclipse client, and 4 ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1....
Xxe
XML external entity XXE vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data...
CVE-2014-0931
Multiple XML external entity XXE vulnerabilities in the 1 CCRC WAN Server / CM Server, 2 Perl CC/CQ integration trigger scripts, 3 CMAPI Java interface, 4 ClearCase remote client, and 5 CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through...
Xxe
Multiple XML external entity XXE vulnerabilities in the 1 CCRC WAN Server / CM Server, 2 Perl CC/CQ integration trigger scripts, 3 CMAPI Java interface, 4 ClearCase remote client, and 5 CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through...
CVE-2014-0950
Multiple XML external entity XXE vulnerabilities in 1 CQWeb / CM Server, 2 ClearQuest Native client, 3 ClearQuest Eclipse client, and 4 ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1....
CVE-2018-10077
XML external entity XXE vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data...
CVE-2014-0931
Multiple XML external entity XXE vulnerabilities in the 1 CCRC WAN Server / CM Server, 2 Perl CC/CQ integration trigger scripts, 3 CMAPI Java interface, 4 ClearCase remote client, and 5 CMI and OSLC-based ClearQuest integrations components in IBM Rational ClearCase 7.1.0.x, 7.1.1.x, 7.1.2 through...
Xxe
XML external entity XXE vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service memory consumption via crafted XML data. IBM X-Force ID: 108357...
Xxe
XML external entity XXE vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510...
CVE-2016-0250
XML external entity XXE vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510...
CVE-2016-0250
CVE-2016-0250 is an XXE vulnerability in IBM InfoSphere Information Governance Catalog (IGC). It affects IGC versions 11.3 prior to 11.3.1.2 and 11.5 prior to 11.5.0.1, enabling a remote authenticated attacker to read arbitrary files or cause a denial of service by processing crafted XML data. Th...
Xxe
XML external entity XXE vulnerability in IBM Financial Transaction Manager FTM for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager FTM for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager FTM fo...
CVE-2016-0268
CVE-2016-0268 affects IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services on Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013. The vulnerability is an XML External Entity (XXE) issue in XML processing that could allow a remote authenticated atta...
CVE-2016-0268
XML external entity XXE vulnerability in IBM Financial Transaction Manager FTM for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager FTM for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager FTM fo...
CVE-2018-0489
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this...