Lucene search

9840 matches found

OSV
added 2019/12/04 8:15 p.m., 1 views

CVE-2019-11216

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...

6.5 CVSS, 6.6 AI score, 0.00611 EPSS
Exploits: 2, References: 3
NVD
added 2019/12/04 8:15 p.m., 22 views

CVE-2019-11216

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...

6.5 CVSS, 6.4 AI score, 0.00611 EPSS
Exploits: 2, References: 3
Prion
added 2019/12/04 8:15 p.m., 17 views

Design/Logic Flaw

BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the import functionality. One can import a malicious XML file and perform XXE attacks to download local files from the server, or do DoS attacks with XML expansion attacks. XXE with direct response and XXE OOB are allowed...

5.5 CVSS, 6.3 AI score, 0.00611 EPSS
Exploits: 2, References: 3, Affected Software: 1
Packet Storm
added 2019/12/04 12:0 a.m., 213 views

BMC Smart Reporting 7.3 20180418 XML Injection

4 43 7.3 20180418 2019-01-18 10:14 UTC +0000 66717 sour...

6.6 AI score, 0.00611 EPSS
Exploits: 2
CNVD
added 2019/12/04 12:0 a.m., 2 views

BMC Smart Reporting XML External Entity Injection Vulnerability

BMC Smart Reporting is a smart reporting system. BMC Smart Reporting suffers from an XML External Entity Injection vulnerability that allows an authenticated attacker with administrator privileges to import a malicious XML file and perform an XXE attack to download a local file from a server, or...

6.5 CVSS, 6.9 AI score, 0.00611 EPSS
Exploits: 2, References: 1
Cent OS
added 2019/12/03 8:35 p.m., 105 views

389 security update

CentOS Errata and Security Advisory CESA-2019:3981 An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

6.5 CVSS, 6.7 AI score, 0.00401 EPSS
Exploits: 0, References: 7
Kitploit
added 2019/12/03 11:30 a.m., 190 views

Nessus Map - Parse .Nessus File(S) And Shows Output In Interactive UI

Nessus XML Parser Requirements Python3 Django Tested on Ubuntu 18.04 What it does Vulnerability based parsing Service based parsing Host based parsing Unsupported OS parsing Generate Executive Summary of scan Export parsed .nessus to JSON files Import JSON file in NessusMap How it works Create X...

7.3 AI score
Exploits: 0, References: 1
OSV
added 2019/12/03 11:17 a.m., 1 views

OPENSUSE-SU-2019:2612-1 Security update for libxml2

This update for libxml2 doesn't fix any additional security issues, but corrects its rpm changelog to reflect all CVEs that have been fixed over the past. This update was imported from the SUSE:SLE-15:Update update project...

7.3 AI score
Exploits: 0, References: 2
Tenable Nessus
added 2019/12/03 12:0 a.m., 36 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (1aa7a094-1147-11ea-b537-001b217b3468)

Gitlab reports : Path traversal with potential remote code execution Private objects exposed through project import Disclosure of notes via Elasticsearch integration Disclosure of comments via Elasticsearch integration DNS Rebind SSRF in various chat notifications Disclosure of vulnerability stat...

9.8 CVSS, 5.7 AI score, 0.00255 EPSS
Exploits: 0, References: 21
Exploit DB
added 2019/12/02 12:0 a.m., 459 views

Microsoft Excel 2016 1901 - XML External Entity Injection

Exploit Title: Microsoft Excel 2016 1901 - XML External Entity Injection Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.microsoft.com Tested Version: 2016 v1901 CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

7 AI score
Exploits: 0
exploitpack
added 2019/12/02 12:0 a.m., 38 views

Microsoft Excel 2016 1901 - XML External Entity Injection

Microsoft Excel 2016 1901 - XML External Entity Injection Exploit Title: Microsoft Excel 2016 1901 - XML External Entity Injection Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.microsoft.com Tested Version: 2016 v1901 CVE: N/A + Credits: John Page aka hyp3rlinx + Website:...

7.8 AI score
Exploits: 0
Fedora
added 2019/12/01 1:4 a.m., 19 views

[SECURITY] Fedora 30 Update: phpMyAdmin-4.9.2-1.fc30

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, indexes, users, permissions, while you still have the ability to directly...

9.8 CVSS, 1.3 AI score, 0.00556 EPSS
Exploits: 0
Fedora
added 2019/12/01 12:46 a.m., 32 views

[SECURITY] Fedora 31 Update: phpMyAdmin-4.9.2-1.fc31

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, indexes, users, permissions, while you still have the ability to directly...

9.8 CVSS, 1.3 AI score, 0.00556 EPSS
Exploits: 0
Packet Storm
added 2019/11/30 12:0 a.m., 331 views

Microsoft Excel 2016 1901 Import Error XML Injection

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-EXCEL-2016-v1901-IMPORT-ERROR-EXTERNAL-ENTITY-INJECTION.txt + ISR: ApparitionSec Vendor www.microsoft.com Product Excel 2016 v1901 Microsoft Excel is a spreadsheet...

7.4 AI score
Exploits: 0
Kitploit
added 2019/11/28 8:33 p.m., 157 views

Netstat2Neo4J - Create Cypher Create Statements For Neo4J Out Of Netstat Files From Multiple Machines

Graphs help to spot anomalies and patterns in large datasets. This script takes netstat information from multiple hosts and formats them in a way to make them importable into Neo4j. Neo4j can be queried to find connections to certain hosts, from certain hosts, find out the usage or protocols and...

6.9 AI score
Exploits: 0, References: 1
Oracle linux
added 2019/11/27 12:0 a.m., 61 views

389-ds-base security and bug fix update

1.3.9.1-12 - Bump version to 1.3.9.1-12 - Resolves: Bug 1767622 - CleanAllRUV task limit not enforced 1.3.9.1-11 - Bump version to 1.3.9.1-11 - Resolves: Bug 1748198 - EMBARGOED CVE-2019-14824 389-ds-base: Read permission check bypass via the deref plugin - Resolves: Bug 1754831 - After audit log...

6.5 CVSS, 1.3 AI score, 0.00401 EPSS
Exploits: 0
RedHat Linux
added 2019/11/26 2:12 p.m., 70 views

Important: Red Hat Security Advisory: 389-ds-base security and bug fix update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

6.5 CVSS, 6.7 AI score, 0.00401 EPSS
Exploits: 0, References: 7
vulnersOsv
added 2019/11/22 1:45 p.m., 3 views

datamorph-workflow-generator (=0.0.2), i2b2-import (>=0.0.1 <=1.5.34) +1 more potentially affected by CVE-2019-12417 via airflow (=0.6.0)

airflow PYPI version =0.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on airflow and may be impacted: - datamorph-workflow-generator =0.0.2 - i2b2-import =0.0.1, =1.5.34 - pandasdb =0.0.10 Source cves: CVE-2019-12417 Source advisory:...

4.8 CVSS, 5.8 AI score, 0.00745 EPSS
Exploits: 0
Hacker One
added 2019/11/22 4:52 a.m., 14 views

GitLab: Steal private objects of other projects via project import

Summary An attacker could transfer issues, merge requests of another project to the imported project by importing a crafted GitLab export. Steps to reproduce 1. Import the attached tarball as GitLab export. 2. Check the issues page of the imported project. You will see a private issue created by...

0.7 AI score
Exploits: 0
CNVD
added 2019/11/14 12:0 a.m., 4 views

WordPress ultimate-faqs plugin input validation error vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ultimate-faqs is a FAQ plugin used in it. An input validation error vulnerability exists in the Functions/EWDUFAQImport.php file in...

7.5 CVSS, 6.8 AI score, 0.08423 EPSS
Exploits: 1, References: 1