
327 matches found

OSV
added 2014/09/30 2:55 p.m., 1 view

UBUNTU-CVE-2014-5267

modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document...

CVSS 6.8, AI score 5.8, EPSS 0.00615
Exploits: 0, References: 2
RedHat Linux
added 2014/09/29 8:11 p.m., 0 views

OpenJDK: XML parsing Denial of Service (JAXP, 8017298)

A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an...

CVSS 7.1, AI score 6.7, EPSS 0.08028
Exploits: 0, References: 5
CVE
added 2014/08/26 2:00 p.m., 43 views

CVE-2014-5035

The CVE-2014-5035 issue affects OpenDaylight 1.0 Netconf (TCP) service. It allows remote attackers to read arbitrary files via an XML External Entity (XXE) in conjunction with an entity reference inside an XML-RPC message, causing information disclosure. Root cause is processing of external entit...

CVSS 6.8, AI score 6.9, EPSS 0.00777
Exploits: 0, References: 4, Affected Software: 1
seebug.org
added 2014/07/01 12:00 a.m., 17 views

Chaussette <= 080706 (_BASE) Remote File Include Vulnerabilities

No description provided by source. Chaussette Remote File Inclusion CreW: ToXiC Bug Found By Drago84 Source Code: http://freshmeat.net/redir/chaussette/64502/urlzip/chaussette.zip Page Affect /Classes/Evenement.php /Classes/Event.php /Classes/Eventformonth.php /Classes/Eventformonthperday.php...

AI score 7.1
Exploits: 0
Cisco Threats
added 2014/05/29 1:11 p.m., 6 views

Threat Outbreak Alert: Fake Declaration Form Email Messages on May 28, 2014

Medium Alert ID: 34403 First Published: 2014 May 29 13:11 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a declaration form for the recipient. The email message attempts to convince the recipient to open the attachment...

AI score 0.3
Exploits: 0
RedHat Linux
added 2014/04/03 9:19 p.m., 3 views

Camel: XML eXternal Entity (XXE) flaw in XSLT component

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External...

CVSS 7.5, AI score 7.4, EPSS 0.28739
Exploits: 2, References: 5
Cvelist
added 2014/03/20 7:00 p.m., 20 views

CVE-2014-0002

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External...

AI score 9.6, EPSS 0.28739
Exploits: 2, References: 9
Check Point Advisories
added 2014/03/16 12:00 a.m., 2 views

RealNetworks RealPlayer RMP File Stack Buffer Overflow (CVE-2013-6877)

A stack buffer overflow exists in RealNetworks RealPlayer. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user. The vulnerability is due to an error when parsing the version and encoding attributes of the XML declaration statement. An...

AI score 5.8, EPSS 0.34977
Exploits: 11
UbuntuCve
added 2014/02/14 3:55 p.m., 30 views

CVE-2013-6440

The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration...

CVSS 5, AI score 6.3, EPSS 0.0075
Exploits: 0, References: 3
Prion
added 2014/02/14 3:55 p.m., 14 views

Xxe

The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration...

CVSS 5, AI score 6.8, EPSS 0.0075
Exploits: 0, References: 8, Affected Software: 1
Debian CVE
added 2014/02/14 3:00 p.m., 20 views

CVE-2013-6440

Removed by vendor...

CVSS 5, AI score 5.2, EPSS 0.0075
Exploits: 0
securityvulns
added 2014/01/29 12:00 a.m., 44 views

[ MDVSA-2014:009 ] librsvg

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:009 http://www.mandriva.com/en/support/security/ Package : librsvg Date : January 17, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated librsvg and gtk+3.0 packages fix...

CVSS 4.3, AI score 6.3, EPSS 0.07767
Exploits: 0
Mageia
added 2014/01/06 1:08 a.m., 20 views

Updated librsvg and gtk+3.0 packages fix security vulnerability

librsvg before version 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference (CVE-2013-1881). gtk+3.0 has been patched to cope with the changes in SVG loading due to the fix in librsvg...

CVSS 4.3, AI score 5.3, EPSS 0.07767
Exploits: 0, References: 2
Prion
added 2014/01/03 8:55 p.m., 14 views

Stack overflow

Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than...

CVSS 7.5, AI score 7.9, EPSS 0.79338
Exploits: 15, References: 5, Affected Software: 1
Saint
added 2013/12/27 12:00 a.m., 21 views

RealPlayer RMP File Version Attribute Buffer Overflow

Added: 12/27/2013 CVE: CVE-2013-6877 BID: 64398 OSVDB: 101356 Background RealNetworks RealPlayer includes an embedded player which plays media embedded in a web page. Problem RealNetworks Windows RealPlayer 17.0.2.206 and earlier versions are vulnerable to remote code execution due to improper...

CVSS 9.3, AI score 7.4, EPSS 0.34977
Exploits: 11
Saint
added 2013/12/27 12:00 a.m., 37 views

RealPlayer RMP File Version Attribute Buffer Overflow

Added: 12/27/2013 CVE: CVE-2013-6877 BID: 64398 OSVDB: 101356 Background RealNetworks RealPlayer includes an embedded player which plays media embedded in a web page. Problem RealNetworks Windows RealPlayer 17.0.2.206 and earlier versions are vulnerable to remote code execution due to improper...

CVSS 9.3, AI score 7.4, EPSS 0.34977
Exploits: 11
Packet Storm
added 2013/12/26 12:00 a.m., 33 views

RealNetworks RealPlayer Version Attribute Buffer Overflow

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'RealNetworks RealPlayer Version Attribute Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow...

CVSS 9.3, AI score 0.4, EPSS 0.34977
Exploits: 11
Metasploit
added 2013/12/20 9:37 p.m., 23 views

RealNetworks RealPlayer Version Attribute Buffer Overflow

This module exploits a stack-based buffer overflow vulnerability in version 16.0.3.51 and 16.0.2.32 of RealNetworks RealPlayer, caused by improper bounds checking of the version and encoding attributes inside the XML declaration. By persuading the victim to open a specially-crafted .RMP file, a...

CVSS 7.5, AI score 8.1, EPSS 0.79338
Exploits: 4
Mozilla
added 2013/12/10 12:00 a.m., 44 views

Character encoding cross-origin XSS attack — Mozilla

Security researcher Masato Kinugawa discovered that if a web page is missing character set encoding information it can inherit character encodings across navigations into another domain from an earlier site. Only same-origin inheritance is allowed according to the HTML5 specification. This issue...

CVSS 4.3, AI score 2.3, EPSS 0.00739
Exploits: 1, References: 2, Affected Software: 2
NVD
added 2013/12/07 9:55 p.m., 15 views

CVE-2012-6612

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different...

CVSS 7.5, AI score 6.5, EPSS 0.01357
Exploits: 0, References: 4