Lucene search
K

6 matches found

seebug.org
seebug.org
added 2017/04/06 12:0 a.m.61 views

AMF3 Java implementations Improper Restriction of XML External Entity Reference ('XXE')

A detailed analysis of the reference: https://codewhitesec.blogspot.kr/2017/04/amf.html Some Java implementations of AMF3 deserializers allow the external entity references XXEs from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose...

5.5CVSS7.5AI score0.0954EPSS
Exploits4
ThreatPost
ThreatPost
added 2015/11/20 4:36 p.m.34 views

VMware Patches Pesky XXE Bug in Flex BlazeDS

VMware has patched an information disclosure vulnerability affecting a number of its products that use Flex BlazeDS. The original vulnerability was discovered and disclosed in August by Matthias Kaiser of Code White GmbH. Researchers there found a XML External Entity flaw in Apache Flex BlazeDS...

5CVSS1.5AI score0.0954EPSS
Exploits2References3
VMware
VMware
added 2015/11/18 12:0 a.m.35 views

VMware product updates address information disclosure issue.

a. vCenter Server, vCloud Director, Horizon View information disclosure issue VMware products that use Flex BlazeDS may be affected by a flaw in the processing of XML External Entity XXE requests. A specially crafted XML request sent to the server could lead to unintended information be disclosed...

5CVSS6.2AI score0.0954EPSS
Exploits3References1Affected Software3
ThreatPost
ThreatPost
added 2015/08/27 2:8 p.m.34 views

Adobe ColdFusion Hotfix

Adobe today pushed out a hotfix to ColdFusion implementations, patching a vulnerability it had already patched nine days ago on the LiveCycle Data Services application framework. Today’s hotfix affects ColdFusion 11, update 5 and earlier, and ColdFusion 10, update 16 and earlier. Hotfixes, unlike...

5CVSS0.5AI score0.0954EPSS
Exploits2References4
ThreatPost
ThreatPost
added 2015/08/18 12:46 p.m.34 views

Adobe LiveCycle Data Services Hotfix

Adobe is today expected to push a hotfix through to implementations of its LiveCycle Data Services application framework. The company said the vulnerability, CVE-2015-3269, affects versions 4.7, 4.6.2, 4.5 and 3.0.x on Windows, Macintosh and UNIX systems. Adobe is not aware of public exploits of...

5CVSS1.4AI score0.0954EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2015/04/13 12:0 a.m.154 views

VMware Horizon View Multiple Vulnerabilities (VMSA-2015-0003) (VMSA-2015-0008) (POODLE)

The VMware Horizon View installed on the remote Windows host is version 5.x prior to 5.3.4 or version 6.x prior to 6.1. It is, therefore, affected by the following vulnerabilities : - A man-in-the-middle MitM information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0...

10CVSS6.8AI score0.99999EPSS
Exploits15References30
Rows per page
Query Builder