99 matches found
APSB17-39 Security update available for Adobe Digital Editions
Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh, iOS, and Android. This update addresses an XML external entity processing vulnerability rated critical that could lead to information disclosure, out-of-bounds read vulnerabilities that could lead to the...
XML External Entity (XXE) Processing
zendframework/zend-json is susceptible to XML external entity (XXE) processing attacks. The attacks can be triggered when loading an XML formatted string into a Simple XML Element object, because the fromXml function in Json.php does not validate the XML formatted string properly...
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure Exploit
Exploit for java platform in category web applications. #!/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0_131/README.txt' saturn: mrme$ ./poc.py 'C:/Program...
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure. #!/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0_131/README.txt' saturn: mrme$...
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure
#!/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0_131/README.txt' saturn: mrme$ ./poc.py 'C:/Program Files/Java/jre1.8.0_131/README.txt' Oracle Java Web Start JNLP XML...
XML External Entity Processing (XXE)
simplesamlphp/saml2 is vulnerable to XML external entity (XXE) processing attacks. The attacks are possible because it does not use SAML2_DOMDocumentFactory to create DOMDocuments from a string containing XML and does not call libxml_disable_entity_loader before calling any code...
XML External Entity Processing (XXE)
Apache OpenNLP is vulnerable to XML external entity (XXE) processing attacks. The attacks can be launched because it does not sanitize the XML in the input, allowing attackers to parse models or dictionaries with malicious XML...
Trend Micro Control Manager ProductTree_TreeManagement1 XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...
Trend Micro Control Manager XML External Entity Processing
An XML external entity processing vulnerability exists in Trend Micro Control Manager. The vulnerability is due to lack of validation of user-supplied input prior to executing an XML query. A remote, authenticated attacker could exploit this vulnerability by sending a malicious HTTP request to th...
CVE-2016-5748
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users...
jakarta-taglibs-standard: XXE and RCE via XSL extension in JSTL XML tags
It was found that the Java Standard Tag Library (JSTL) allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allow arbitrary code execution...
Trend Micro Control Manager DeploymentPlan_Event_Handler External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within DeploymentPlan_Event_Handler.aspx. The issue lies in the failure to...
Trend Micro Control Manager TreeUserControl_process_tree_event External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within TreeUserControl_process_tree_event.aspx. The issue lies in the failure to...
XML External Entity (XXE) Processing in TYPO3 Core
It has been discovered that TYPO3 is susceptible to XML External Entity Processing. Component Type: TYPO3 CMS; Release Date: February 23, 2016; Vulnerable subcomponent: TYPO3 CMS; Vulnerability Type: XML External Entity Processing; Affected Versions: Versions 6.2.0 to 6.2.18 and 7.6.0 to 7.6.3...
Cisco Prime Service Catalog XML External Entity Processing Vulnerability
A vulnerability in the configuration of the XML parser of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive data stored on the host operating system or cause system resource consumption that could cause a denial of service condition. Cisco has released...
DEBIAN-CVE-2014-0054
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML Extern...
DSA-2842-1 libspring-java - several
Bulletin has no description...