134 matches found

Mageia
added 2020/01/28 7:52 a.m. · 68 views

Updated c3p0 packages fix security vulnerabilities

An XML external entity processing vulnerability was found in extractXmlConfigFromInputStream function in c3p0 (CVE-2018-20433). c3p0 version 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading...

9.8 CVSS · 3.9 AI score · 0.05651 EPSS
Exploits 1 · References 2
Zero Day Initiative
added 2019/11/01 12:0 a.m. · 24 views

Advantech WISE-PaaS/RMM RecoveryMgmt checkSchName XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RecoveryMgmt class. Due to the improper restriction of XML External...

7.5 CVSS · 2.4 AI score · 0.03538 EPSS
Exploits 0 · References 1
Zero Day Initiative
added 2019/11/01 12:0 a.m. · 17 views

Advantech WISE-PaaS/RMM AccountMgmt activateAccount XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AccountMgmt class. Due to the improper restriction of XML External...

7.5 CVSS · 2.8 AI score · 0.03538 EPSS
Exploits 0 · References 1
OSV
added 2019/10/23 8:15 p.m. · 25 views

CVE-2019-12415

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing...

5.5 CVSS · 6.8 AI score
Exploits 0 · References 13
OSV
added 2019/09/25 5:15 p.m. · 0 views

CVE-2019-16188

HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the conte...

7.1 CVSS · 7.1 AI score · 0.00149 EPSS
Exploits 0 · References 1
RedHat Linux
added 2019/07/24 9:1 p.m. · 3 views

jenkins-plugin-token-macro: XML External Entity processing the ${XML} macro

An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...

7.5 CVSS · 7.4 AI score · 0.00224 EPSS
Exploits 0 · References 5
Positive Technologies
added 2019/04/22 12:0 a.m. · 2 views

PT-2019-5029 · Mchange +4 · C3P0 +4

Name of the Vulnerable Software and Affected Versions: c3p0 versions prior to 0.9.5.4 Description: The issue is related to errors in processing XML entities in the ConfigXmlUtils function of the c3p0 library for JDBC drivers. This can be exploited by a remote attacker to cause a denial of service...

9.8 CVSS · 6.6 AI score · 0.05651 EPSS
Exploits 1 · References 81
Prion
added 2019/02/06 4:29 p.m. · 15 views

Xxe

An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server Jenkins queried in preparation of job import to read...

6.4 CVSS · 8.9 AI score · 0.0011 EPSS
Exploits 0 · References 1 · Affected Software 1
RedhatCVE
added 2019/01/07 9:19 a.m. · 20 views

CVE-2018-11788

A flaw was found in the Apache Karaf XMLInputFactory, where it does not prevent External Entity Processing (XXE). This is a potential security risk as an attacker could inject external XML entities to access sensitive information or conduct further attacks...

9.8 CVSS · 3.5 AI score · 0.24747 EPSS
Exploits 0 · References 2
Cvelist
added 2018/08/03 5:0 p.m. · 8 views

CVE-2018-13416

In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user...

9.8 AI score · 0.55833 EPSS
Exploits 5 · References 2
Cvelist
added 2018/07/13 8:0 p.m. · 24 views

CVE-2016-9487 EpubCheck 4.0.1 is vulnerable to external XML entity processing attacks

EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf...

7.6 AI score · 0.00133 EPSS
Exploits 0 · References 2
IBM Security Bulletins
added 2018/06/15 7:2 a.m. · 27 views

Security Bulletin: XML External Entity Processing in Castor might affect WebSphere Lombardi Edition (CVE-2014-3004)

Summary: An XML External Entity Processing vulnerability has been reported for the Castor open source library that is used in WebSphere Lombardi Edition (WLE). Vulnerability Details: CVE-ID: CVE-2014-3004 Description: Castor Library could allow a remote attacker to obtain sensitive information, cause...

4.3 CVSS · 0.1 AI score · 0.03627 EPSS
Exploits 3 · Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:2 a.m. · 12 views

Security Bulletin: XML External Entity Processing in Castor might affect IBM Business Process Manager (CVE-2014-3004)

Summary: An XML External Entity Processing vulnerability has been reported for the Castor open source library that is used in IBM Business Process Manager (BPM). Vulnerability Details: CVE-ID: CVE-2014-3004 Description: Castor Library could allow a remote attacker to obtain sensitive information,...

4.3 CVSS · 0.6 AI score · 0.03627 EPSS
Exploits 3 · Affected Software 3
NVD
added 2018/06/05 9:29 p.m. · 8 views

CVE-2018-1000198

An XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML external entities in an XML document...

6.5 CVSS · 6.3 AI score · 0.00062 EPSS
Exploits 0 · References 1
NVD
added 2018/05/23 5:29 p.m. · 12 views

CVE-2018-10653

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3...

9.8 CVSS · 9.4 AI score · 0.11484 EPSS
Exploits 4 · References 2
Prion
added 2018/05/23 5:29 p.m. · 17 views

Xxe

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3...

7.5 CVSS · 9.3 AI score · 0.11484 EPSS
Exploits 4 · References 2 · Affected Software 1
Cvelist
added 2018/04/16 6:0 p.m. · 14 views

CVE-2017-6323

The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0POSTHF6, and ITMS 7.6POSTHF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service,...

7.8 AI score · 0.00192 EPSS
Exploits 0 · References 2
OSV
added 2018/03/01 8:29 p.m. · 0 views

CVE-2017-7426

The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks...

9.1 CVSS · 5.8 AI score
Exploits 0 · References 1
Cvelist
added 2018/01/23 2:0 p.m. · 12 views

CVE-2018-1000011

Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...

8.7 AI score · 0.00065 EPSS
Exploits 0 · References 1
Adobe
added 2017/11/14 12:0 a.m. · 29 views

APSB17-39 Security update available for Adobe Digital Editions

Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh, iOS, and Android. This update addresses an XML external entity processing vulnerability rated critical that could lead to information disclosure, out-of-bounds read vulnerabilities that could lead to the...

1.5 AI score
Exploits 0 · Affected Software 1