6 matches found
libxml: Type confusion leads to Denial of service (DoS)
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...
CVE-2024-51093
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system...
Exploit for Deserialization of Untrusted Data in Apache ActiveMQ
Technical Summary of the Attack: CVE-2023-46604 The script exploits a...
CVE-2022-24612
An authenticated user can upload an XML file containing an XSS via the ITSM module of EyesOfNetwork 5.3.11, resulting in a stored XSS...
XML External Entities (XXE)
nifi-lookup-services is vulnerable to XML external entities (XXE). The vulnerability exists as the XMLFileLookupService allowed trusted users to use a malicious XML file to cause information such as the versions of Java, Jersey, and Apache to be revealed...
CVE-2019-10080
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE and reveal information such as the versions of Java, Jersey, and Apache that the NiFi...