9838 matches found
CVE-2012-4399
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity XXE injection attack...
CVE-2012-4399
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity XXE injection attack...
PT-2012-5373 · Cakephp · Cakephp
Name of the Vulnerable Software and Affected Versions: CakePHP versions 2.1.x through 2.1.4 CakePHP versions 2.2.x through 2.2.0 Description: The issue allows remote attackers to read arbitrary files via XML data containing external entity references, specifically through an XML external entity X...
Xxe
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to...
CVE-2012-3489
The xmlparse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content tha...
postgresql: File disclosure through XXE in xmlparse by DTD validation
The xmlparse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content tha...
module): XXE by applying XSL stylesheet to the document
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to...
module): XXE by applying XSL stylesheet to the document
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to...
Ektron CMS 8.5.0 File Upload / XXE Injection
Sense of Security - Security Advisory - SOS-12-009 Release Date. 05-Sep-2012 Last Update. - Vendor Notification Date. 07-May-2012 Product. Ektron CMS Platform. ASP.NET Affected versions. Ektron CMS version 8.5.0 and possibly others Severity Rating. High Impact. Exposure of sensitive information...
Mandriva Linux Security Advisory : libreoffice (MDVSA-2012:063)
An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had...
Mandriva Update for raptor MDVSA-2012:061 (raptor)
Check for the Version of raptor OpenVAS Vulnerability Test Mandriva Update for raptor MDVSA-2012:061 raptor Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
Mandriva Update for libreoffice MDVSA-2012:063 (libreoffice)
Check for the Version of libreoffice OpenVAS Vulnerability Test Mandriva Update for libreoffice MDVSA-2012:063 libreoffice Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Mandriva Update for libreoffice MDVSA-2012:063 (libreoffice)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Mandriva Update for raptor MDVSA-2012:061 (raptor)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Scientific Linux Security Update : raptor on SL6.x i386/x86_64 (20120322)
Raptor provides parsers for Resource Description Framework RDF files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially crafted RDF file, it could possibly allow a remote attacker to obtain a cop...
RESTEasy: XML eXternal Entity (XXE) flaw
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding JAXB input, aka an XML external entity XXE injection attack, a similar vulnerability to...
RESTEasy: XML eXternal Entity (XXE) flaw
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...
CentOS Update for raptor CESA-2012:0410 centos6
Check for the Version of raptor OpenVAS Vulnerability Test CentOS Update for raptor CESA-2012:0410 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
CentOS Update for openoffice.org-base CESA-2012:0411 centos5
Check for the Version of openoffice.org-base OpenVAS Vulnerability Test CentOS Update for openoffice.org-base CESA-2012:0411 centos5 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
CentOS Update for openoffice.org-base CESA-2012:0411 centos5
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...