2 matches found
Remote code execution
An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution...
shibboleth-sp -- vulnerable to forged user attribute data
Shibboleth consortium reports: Shibboleth SP software vulnerable to additional data forgery flaws. The XML processing performed by the Service Provider software has been found to be vulnerable to new flaws similar in nature to the one addressed in an advisory last month. These bugs involve the use...