159 matches found

Mageia
added 2014/10/07 9:22 a.m. | 48 views

Updated xerces-j2 packages fix CVE-2013-4002

Updated xerces-j2 packages fix security vulnerability: A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using...

CVSS 7.1 | AI score 3.1 | EPSS 0.07428
Exploits: 0 | References: 3
OSV
added 2014/08/18 11:15 a.m. | 9 views

CVE-2014-5265

The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted...

AI score 6.8
Exploits: 0 | References: 8
UbuntuCve
added 2014/08/18 11:15 a.m. | 34 views

CVE-2014-5265

The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted...

CVSS 5 | AI score 5.9 | EPSS 0.07017
Exploits: 0 | References: 6
Debian CVE
added 2014/08/18 10:0 a.m. | 46 views

CVE-2014-5265

The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted...

CVSS 5 | AI score 6.5 | EPSS 0.07017
Exploits: 0
RedHat Linux
added 2013/10/21 5:37 p.m. | 9 views

OpenJDK: XML parsing Denial of Service (JAXP, 8017298)

A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an...

CVSS 7.1 | AI score 6.7 | EPSS 0.07428
Exploits: 0 | References: 5
Cisco Threats
added 2013/10/01 2:57 p.m. | 10 views

Threat Outbreak Alert: Fake Court Document Email Messages on October 1, 2013

Medium Alert ID: 31072 First Published: 2013 October 1 14:57 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a copy of a judicial declaration for the recipient. The text in the email message attempts to convince the...

AI score 0.5
Exploits: 0
RedHat Linux
added 2013/07/16 5:12 p.m. | 4 views

OpenJDK: XML parsing Denial of Service (JAXP, 8017298)

A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an...

CVSS 7.1 | AI score 6.7 | EPSS 0.07428
Exploits: 0 | References: 5
OSV
added 2009/08/11 6:30 p.m. | 1 views

DEBIAN-CVE-2009-2414

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...

CVSS 4.3 | AI score 8.5 | EPSS 0.01289
Exploits: 2 | References: 1
Debian CVE
added 2009/08/11 6:0 p.m. | 32 views

CVE-2009-2414

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...

CVSS 4.3 | AI score 4.9 | EPSS 0.01289
Exploits: 2
RedHat Linux
added 2009/08/10 6:9 p.m. | 2 views

mingw32-libxml2: Stack overflow by parsing root XML element DTD definition

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...

CVSS 4.3 | AI score 6.6 | EPSS 0.01289
Exploits: 2 | References: 4
Exploit DB
added 2009/03/10 12:0 a.m. | 43 views

NextApp Echo < 2.1.1 - XML Injection

SEC Consult Security Advisory ======================================================================== title: NextApp Echo XML Injection Vulnerability program: NextApp Echo vulnerable version: Echo2 2.1.1 homepage: http://echo.nextapp.com/site/echo2 found: Feb. 2008 by: Anonymous / SEC Consult...

AI score 7.4
Exploits: 0
OpenVAS
added 2008/01/17 12:0 a.m. | 17 views

Debian Security Advisory DSA 1032-1 (zope-cmfplone)

The remote host is missing an update to zope-cmfplone announced via advisory DSA 1032-1. It was discovered that the Plone content management system lacks security declarations for three internal classes. This allows manipulation of user portraits by unprivileged users. The old stable distribution...

CVSS 5 | AI score 0.4 | EPSS 0.11718
Exploits: 0
0day.today
added 2006/06/29 12:0 a.m. | 67 views

GeekLog <= 1.4.0sr3 (_CONF[path]) Remote File Include Vulnerabilities

Exploit for unknown platform in category web applications ===================================================================== GeekLog www.site.com/path/publichtml/index.php http://www.site.com/path/plugins/links/functions.inc?CONFpath=EvilScript...

AI score 7.1
Exploits: 0
FreeBSD
added 2006/04/13 12:0 a.m. | 23 views

plone -- "member_id" Parameter Portrait Manipulation Vulnerability

Secunia reports: The vulnerability is caused due to missing security declarations in "changeMemberPortrait" and "deletePersonalPortrait". This can be exploited to manipulate or delete another user's portrait via the "member_id" parameter...

CVSS 5 | AI score 6.4 | EPSS 0.11718
Exploits: 0 | References: 3
securityvulns
added 2006/04/12 12:0 a.m. | 43 views

[SECURITY] [DSA 1032-1] New zope-cmfplone packages fix unprivileged data manipulation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1032-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 12th, 2006 http://www.debian.org/security/faq -...

CVSS 5 | AI score 0.1 | EPSS 0.11718
Exploits: 0
Prion
added 2006/01/25 2:3 a.m. | 29 views

Null pointer dereference

The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function...

CVSS 5 | AI score 6.8 | EPSS 0.01836
Exploits: 0 | References: 8 | Affected Software: 1
NVD
added 2006/01/25 2:3 a.m. | 19 views

CVE-2006-0405

The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function...

CVSS 5 | AI score 6.5 | EPSS 0.01836
Exploits: 0 | References: 8
CVE
added 2006/01/25 2:0 a.m. | 59 views

CVE-2006-0405

CVE-2006-0405 concerns the TIFFFetchShortPair function in tif_dirread.c of libtiff 3.8.0, where a crafted TIFF image can trigger a NULL pointer dereference and cause an application crash (denial of service). The description notes this could be due to changes in type declarations and/or the TIFFVS...

CVSS 5 | AI score 6.3 | EPSS 0.01836
Exploits: 0 | References: 8 | Affected Software: 1
Cvelist
added 2006/01/25 2:0 a.m. | 23 views

CVE-2006-0405

The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function...

AI score 6.3 | EPSS 0.01836
Exploits: 0 | References: 8