54 matches found
DEBIAN-CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...
CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...
CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...
CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...
CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...
USN-3424-1: libxml2 vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code...
USN-3424-1: libxml2 vulnerabilities
It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. CVE-2017-0663 It was discovered that libxml2 did not properly validate parsed entity references. An...
USN-3424-1 libxml2 vulnerabilities
It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. CVE-2017-0663 It was discovered that libxml2 did not properly validate parsed entity references. An...
Ubuntu: Security Advisory (USN-3424-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
The version of libxml2 packaged with Nokogiri contains several vulnerabilities. Nokogiri has mitigated these issues by upgrading to libxml 2.9.5. It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial ...
XML Entity Cheatsheet - Updated
An XML Entity testing cheatsheet. This is an updated version with nokogiri tests removed, just XXE notes. XML Declarations: 1 2 | ---|--- Vanilla entity test: 1 | &post ---|--- SYSTEM entity test xxe: 1 | ---|--- Parameter Entity. One of the benefits is a paremeter entity is automatically expande...
ruby: REXML billion laughs attack via parameter entity expansion
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack...
XML Entity Cheatsheet
An XML Entity testing cheatsheet. Testing was done using an older vulnerable version of nokogiri. In IRB you can require previous versions of gems. Certain techniques e.g. XInclude may require additional settings in Nokogiri. XML Headers: 1 2 | ---|--- Vanilla entity test: 1 | ---|--- SYSTEM enti...
XML Entity Cheatsheet
An XML Entity testing cheatsheet. Testing was done using an older vulnerable version of nokogiri. In IRB you can require previous versions of gems. Certain techniques e.g. XInclude may require additional settings in Nokogiri. XML Headers: 1 2 | ---|--- Vanilla entity test: 1 | &post ---|--- SYSTE...