356 matches found
Moderate: Red Hat Security Advisory: Red Hat JBoss BRMS 6.1.5 update
Red Hat JBoss BRMS 6.1.5, which fixes one security issue, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...
XML External Entity (XXE) Vulnerability in Hitachi Command Suite
Overview XML External Entity XXE Vulnerability exists in Hitachi Command Suite. Impact Malicious attacker might exploit this vulnerability to disclose arbitrary files. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
CVE-2015-5319
XML external entity XXE vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...
CVE-2005-1306
The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."...
SAP Mobile Platform XML External Entity Information Disclosure Vulnerability
SAP Mobile Platform SMP is a mobile application development platform from SAP. The platform is used to build packaged and customized development applications for any device. A security vulnerability exists in the SAP Mobile Platform XML external entity. This vulnerability could be exploited by an...
SAP Mobile Platform External Entity Vulnerability
SAP Mobile Platform SMP is a mobile application development platform from SAP. The platform is used to build packaged and customized development applications for any device. An external entity vulnerability exists in SAP Mobile Platform. A remote attacker can exploit this vulnerability by sending...
Ektron CMS XML External Entity Injection Vulnerability
Ektron CMS is a content management system. An injection vulnerability exists in the Ektron CMS XML external entity due to the application failing to properly filter user-supplied input before dynamically generating content. An attacker could exploit this vulnerability to execute arbitrary code...
Xxe
XML external entity XXE vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted request...
DEBIAN-CVE-2014-3529
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
Xml eXternal Entity Vulnerability in XML link function of Hitachi COBOL2002
Overview XML link function of Hitachi COBOL2002 contains vulnerabilities to conduct information leakage or cause a denial of service DoS condition. Impact A remote attacker could conduct information leakage or cause a denial of service DoS condition via untrusted XML document loading unexpected...
UBUNTU-CVE-2014-1626
XML External Entity XXE vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file...
DEBIAN-CVE-2013-6408
The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...
CVE-2013-1915
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity XXE vulnerability...
CVE-2012-4499
The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors...
RESTEasy: XML eXternal Entity (XXE) flaw
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...
CVE-2005-1306
The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."...