Lucene search
K

9838 matches found

UbuntuCve
UbuntuCve
added 2012/10/09 11:55 p.m.32 views

CVE-2012-4399

The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity XXE injection attack...

7.5CVSS7.2AI score0.12091EPSS
Exploits1References4
Cvelist
Cvelist
added 2012/10/09 11:0 p.m.27 views

CVE-2012-4399

The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity XXE injection attack...

7.6AI score0.12091EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2012/10/09 12:0 a.m.9 views

PT-2012-5373 · Cakephp · Cakephp

Name of the Vulnerable Software and Affected Versions: CakePHP versions 2.1.x through 2.1.4 CakePHP versions 2.2.x through 2.2.0 Description: The issue allows remote attackers to read arbitrary files via XML data containing external entity references, specifically through an XML external entity X...

7.5CVSS7.6AI score0.12091EPSS
Exploits1References11
Prion
Prion
added 2012/10/03 9:55 p.m.22 views

Xxe

The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to...

4.9CVSS6.9AI score0.03297EPSS
Exploits1References24Affected Software1
NVD
NVD
added 2012/10/03 9:55 p.m.18 views

CVE-2012-3489

The xmlparse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content tha...

6.5CVSS6.2AI score0.03057EPSS
Exploits1References21
RedHat Linux
RedHat Linux
added 2012/09/13 5:3 p.m.4 views

postgresql: File disclosure through XXE in xmlparse by DTD validation

The xmlparse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content tha...

6.5CVSS7AI score0.03057EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2012/09/13 5:3 p.m.9 views

module): XXE by applying XSL stylesheet to the document

The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to...

4.9CVSS7.1AI score0.03297EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2012/09/13 4:55 p.m.6 views

module): XXE by applying XSL stylesheet to the document

The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to...

4.9CVSS7.1AI score0.03297EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2012/09/06 12:0 a.m.50 views

Ektron CMS 8.5.0 File Upload / XXE Injection

Sense of Security - Security Advisory - SOS-12-009 Release Date. 05-Sep-2012 Last Update. - Vendor Notification Date. 07-May-2012 Product. Ektron CMS Platform. ASP.NET Affected versions. Ektron CMS version 8.5.0 and possibly others Severity Rating. High Impact. Exposure of sensitive information...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/09/06 12:0 a.m.22 views

Mandriva Linux Security Advisory : libreoffice (MDVSA-2012:063)

An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had...

6.5CVSS6.5AI score0.13682EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2012/08/03 12:0 a.m.29 views

Mandriva Update for raptor MDVSA-2012:061 (raptor)

Check for the Version of raptor OpenVAS Vulnerability Test Mandriva Update for raptor MDVSA-2012:061 raptor Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

4.3CVSS0.2AI score0.13682EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2012/08/03 12:0 a.m.24 views

Mandriva Update for libreoffice MDVSA-2012:063 (libreoffice)

Check for the Version of libreoffice OpenVAS Vulnerability Test Mandriva Update for libreoffice MDVSA-2012:063 libreoffice Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

4.3CVSS0.7AI score0.13682EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2012/08/03 12:0 a.m.19 views

Mandriva Update for libreoffice MDVSA-2012:063 (libreoffice)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.5CVSS6.3AI score0.13682EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2012/08/03 12:0 a.m.24 views

Mandriva Update for raptor MDVSA-2012:061 (raptor)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.5CVSS6.3AI score0.13682EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.26 views

Scientific Linux Security Update : raptor on SL6.x i386/x86_64 (20120322)

Raptor provides parsers for Resource Description Framework RDF files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially crafted RDF file, it could possibly allow a remote attacker to obtain a cop...

6.5CVSS6.6AI score0.13682EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2012/07/31 2:24 p.m.7 views

RESTEasy: XML eXternal Entity (XXE) flaw

The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding JAXB input, aka an XML external entity XXE injection attack, a similar vulnerability to...

5CVSS7.5AI score0.03213EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/07/31 2:24 p.m.7 views

RESTEasy: XML eXternal Entity (XXE) flaw

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...

5CVSS7.5AI score0.03213EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2012/07/30 12:0 a.m.23 views

CentOS Update for raptor CESA-2012:0410 centos6

Check for the Version of raptor OpenVAS Vulnerability Test CentOS Update for raptor CESA-2012:0410 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

4.3CVSS6.6AI score0.13682EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2012/07/30 12:0 a.m.27 views

CentOS Update for openoffice.org-base CESA-2012:0411 centos5

Check for the Version of openoffice.org-base OpenVAS Vulnerability Test CentOS Update for openoffice.org-base CESA-2012:0411 centos5 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

4.3CVSS6.6AI score0.13682EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2012/07/30 12:0 a.m.22 views

CentOS Update for openoffice.org-base CESA-2012:0411 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.5CVSS6.3AI score0.13682EPSS
Exploits2References2
Rows per page
Query Builder