libxml2 xmlParseXMLDecl function information leakage vulnerability

libxml2 is an XML parser and markup toolset. A security vulnerability exists in the function xmlParseXMLDecl within parser.c in versions of libxml2 prior to 2.9.3. An attacker can exploit this vulnerability to obtain sensitive information...

DEBIAN-CVE-2015-8317

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an 1 unterminated encoding value or 2 incomplete XML declaration in XML data, which triggers an out-of-bounds heap read...

CVE-2015-8317

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an 1 unterminated encoding value or 2 incomplete XML declaration in XML data, which triggers an out-of-bounds heap read...

Heap overflow

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an 1 unterminated encoding value or 2 incomplete XML declaration in XML data, which triggers an out-of-bounds heap read...

XML Entity Cheatsheet - Updated

An XML Entity testing cheatsheet. This is an updated version with nokogiri tests removed, just XXE notes. XML Declarations: 1 2 | ---|--- Vanilla entity test: 1 | &post ---|--- SYSTEM entity test xxe: 1 | ---|--- Parameter Entity. One of the benefits is a paremeter entity is automatically expande...

libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information...

libxml2: Heap-based buffer overflow in xmlParseXmlDecl

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...

libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information...

UBUNTU-CVE-2015-8317

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an 1 unterminated encoding value or 2 incomplete XML declaration in XML data, which triggers an out-of-bounds heap read...

CVE-2015-8317

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an 1 unterminated encoding value or 2 incomplete XML declaration in XML data, which triggers an out-of-bounds heap read...

PT-2015-3259

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.3 Description The issue allows context-dependent attackers to obtain sensitive information via an unterminated encoding value or incomplete XML declaration in XML data, triggering an out-of-bounds heap read. This...

rest: memory corruption when using oauth because of implicit declaration of rest_proxy_call_get_url

It was found that the OAuth implementation in librest, a helper library for RESTful services, incorrectly truncated the pointer returned by the restproxycallgeturl call. An attacker could use this flaw to crash an application using the librest library...

CVE-2013-1824

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue in the soapxmlParseFile and...

CVE-2015-6463

CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via a longtag XML schema containing an external entity declaration in...

CVE-2015-6463

CVE-2015-6463 concerns CodeWrights HART Comm DTM components used with Endress+Hauser FieldCare. The vulnerability arises from processing a longtag XML schema containing an external entity declaration and an entity reference (XXE), enabling a remote attacker to read arbitrary files, issue HTTP req...

CVE-2015-4538

The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service CPU and memory consumption via an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE...

DayuCMS 1.526 and DirCMS front any code to perform the analysis and POC-vulnerability warning-the black bar safety net

DayuCMS in converting the string to array function in the direct use of eval, and presence of control variables, leading to arbitrary code execution. DayuCMS may reference the DirCMS code, The two CMS code is almost similar. This article only analysis DayuCMS 0x01. Vulnerability description DayuC...

Xxe

The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management MDM 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain administrative access, via an external entity...

Fedora 20 : perl-DBD-Firebird-1.19-1.fc20 (2015-5601)

DBD::Firebird 1.19 2015-03-22 =============================== - Fix $VERSION in Firebird.pm - Fix typo in ISCPASSWORD spelling - Positive logic and early return - Allow re-executing/fetch on prepared sth RT92810, Tux - Add rests for $dbh-Name and others - Implement $dbh-Name - Fix attributions to...

CVE-2015-2937

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service "quadratic blowup" and memory consumption via an XML file containing an entity declaration with long replacement text and many references to th...