XML External Entity (XXE)
Adobe xmpcore is vulnerable to XML External Entity (XXE) attacks. The attacks are possible because it does not properly handle XML data containing an external entity declaration in conjunction with an entity reference, allowing users to read arbitrary files...
USN-3424-2: libxml2 vulnerabilities
USN-3424-1 fixed several vulnerabilities in libxml2. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denia...
Adobe ColdFusion 11.x < 11u13 / 2016.x < 2016u5 Multiple Vulnerabilities (APSB17-30)
The version of Adobe ColdFusion running on the remote Windows host is 11.x prior to update 13 or 2016.x prior to update 5. It is, therefore, affected by multiple vulnerabilities : - A Java deserialization flaw exists that allows an unauthenticated, remote attacker to execute arbitrary code...
Siemens OPC UA Protocol Stack Discovery Service (Update E)
CVSS v3 8.2. ATTENTION: Remotely exploitable / low skill level to exploit. Vendor: Siemens. Equipment: Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC Foundation. Vulnerability: Improper Restriction of XML External Entity Reference. AFFECTED PRODUCTS: Siemens...
Entity Reference - Moderately Critical - Access Bypass - DRUPAL-SA-CONTRIB-2017-067
The entity reference module provides a field type that can reference arbitrary entities. In a vulnerable configuration, an attacker could determine the titles of nodes they do not have access to. This is mitigated as only entity reference fields using the "simple" entity selector are vulnerable,...
SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:1813-1)
This update for libxml2 fixes the following issues: Security issues fixed : - CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID bsc1044337 - CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent bsc1024989 - CVE-2017-7375: Prevented an unwanted external entity reference...
SUSE-SU-2017:1813-1 Security update for libxml2
This update for libxml2 fixes the following issues: Security issues fixed: CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID bsc1044337 CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent bsc1024989 CVE-2017-7375: Prevented an unwanted external entity reference bsc1044894...
openSUSE Security Update : libxml2 (openSUSE-2017-793)
This update for libxml2 fixes the following issues : Security issues fixed : - CVE-2017-7376: Increase buffer space for port in HTTP redirect support bsc1044887 - CVE-2017-7375: Prevent unwanted external entity reference bsc1044894 This update was imported from the SUSE:SLE-12-SP2:Update update...
XXE vulnerability attack and Defense I see-vulnerability warning-the black bar safety net
Have you heard of XML injection attacks, or only of one kind and not the other? Let's start with XML basics and work step by step through the principles and methods of XML attacks. This article is mainly introductory; experts, please go easy on it, and corrections are welcome wherever something is wrong. XML...
PT-2023-10261 · Libplist +2
Name of the Vulnerable Software and Affected Versions: libplist version 1.12. Description: A problematic issue has been found in the XML Handler component of libplist, specifically affecting the plist_from_xml function in the src/xplist.c file. This issue leads to an XML external entity reference...
References - Unsupported - SA-CONTRIB-2017-38
Updates: 2017-04-18 -- This issue has been resolved with the release of References 7.x-2.2. 2017-04-14 -- A potential new maintainer is working through the process of fixing the References module. When this is complete a new release will be published and this SA will be updated. The specific details...
XML External Entity (XXE)
GlassFish web-core is vulnerable to XML External Entity (XXE) attacks. These allow remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference. This is relate...
CVE-2016-3055
IBM FileNet Workplace 4.0.2 is affected by CVE-2016-3055 due to an XML External Entity (XXE) flaw in processing XML data, which could allow remote authenticated users to read arbitrary files or cause a memory-based denial of service. Affected version: FileNet Workplace 4.0.2 (before 4.0.2.14 LA01...
Xxe
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference,...
Xxe
Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814...
CVE-2016-4264
CVE-2016-4264 affects Adobe ColdFusion 10 (before Update 21) and 11 (before Update 10). The OOXML feature parser is vulnerable to XML External Entity (XXE) processing via a crafted OOXML spreadsheet containing an external entity declaration and an entity reference, enabling reading of arbitrary f...
CVE-2016-5000
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
CVE-2016-3039
CVE-2016-3039 affects IBM Traveler 8.x and 9.x prior to 9.0.1.12, where XML data containing an external entity declaration with an entity reference enables XXE. Attackers with remote access and authentication could read arbitrary files or trigger memory exhaustion (DoS). Publicly documented refer...
Xxe
XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
CA Release Automation Denial of Service Vulnerability
CA Release Automation (formerly CA LISA Release Automation) is a suite of enterprise-class release automation solutions from CA (USA). The solution enables continuous delivery across the application lifecycle and can streamline and execute application releases, centralize application operations from...