134 matches found
XML External Entity (XXE) Processing
zendframework/zend-json is susceptible to XML external entity XXE processing attacks. The attacks can be triggered because when loading an XML formatted string into a Simple XML Element object. The fromXml function in Json.php does not validate the XML formatted string properly...
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure Exploit
Exploit for java platform in category web applications !/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' saturn: mrme$ ./poc.py 'C:/Program...
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure !/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' saturn: mrme$...
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure
!/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' saturn: mrme$ ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' Oracle Java Web Start JNLP XML...
XML External Entity Processing (XXE)
simplesamlphp/saml2 is vulnerable to XML external entity processing XXE attacks. The attacks are possible because it does not use SAML2DOMDocumentFactory to create DOMDocuments from a string containing XML and does not call libxmldisableentityloader before calling any code...
XML External Entity Processing (XXE)
Apache OpenNLP is vulnerable to XML external entity processing XXE attacks. The attacks can be launched because it does not sanitize the XML in the input, allowing the attackers to parse models or dictionaries with malicious XML...
Trend Micro Control Manager ProductTree_TreeManagement1 XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...
Trend Micro Control Manager XML External Entity Processing
An XML external entity processing vulnerability exists in Trend Micro Control Manager. The vulnerability is due to lack of validation of user-supplied input prior to executing an XML query. A remote, authenticated attacker could exploit this vulnerability by sending a malicious HTTP request to th...
CVE-2016-5748
External Entity Processing XXE vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users...
CVE-2016-5748
External Entity Processing XXE vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users...
jakarta-taglibs-standard: XXE and RCE via XSL extension in JSTL XML tags
It was found that the Java Standard Tag Library JSTL allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution...
Trend Micro Control Manager DeploymentPlan_Event_Handler External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within DeploymentPlanEventHandler.aspx. The issue lies in the failure to...
Trend Micro Control Manager TreeUserControl_process_tree_event External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within TreeUserControlprocesstreeevent.aspx. The issue lies in the failure to...
XML External Entity (XXE) Processing in TYPO3 Core
It has been discovered, that TYPO3 is susceptible to XML External Entity Processing Component Type: TYPO3 CMS Release Date: February 23, 2016 Vulnerable subcomponent: TYPO3 CMS Vulnerability Type: XML External Entity Processing Affected Versions: Versions 6.2.0 to 6.2.18 and 7.6.0 to 7.6.3...
jakarta-taglibs-standard: XXE and RCE via XSL extension in JSTL XML tags
It was found that the Java Standard Tag Library JSTL allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution...
RESTeasy: External entities expanded by DocumentProvider
It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessibl...
Cisco Prime Service Catalog XML External Entity Processing Vulnerability
A vulnerability in the configuration of the XML parser of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive data stored on the host operating system or cause system resource consumption that could cause a denial of service condition. Cisco has released...
Tomcat/JBossWeb: XML parser hijack by malicious web application
It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors TLDs, and tag plug-in configuration files. The injected XML...
DEBIAN-CVE-2014-0054
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...
Critical: java-1.7.0-openjdk
Issue Overview: An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox...