54 matches found
MyServer 0.8.9 Filename Parse Error Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24571/info MyServer is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may lead to further attacks. This issue affects MyServer 0.8.9; other versio...
Microsoft Internet Explorer 5/6 MSXML XML File Parsing Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7938/info A vulnerability has been reported for the Microsoft Internet Explorer that may result in cross-site scripting attacks. If IE, using the MSXML parser, is unable to parse the requested XML file, it will display a...
Updated springframework package fixes security vulnerabilities
It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...
Debian DSA-2857-1 : libspring-java - several vulnerabilities
It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...
Debian Security Advisory DSA 2857-1 (libspring-java - several vulnerabilities)
It was discovered by the Spring development team that the fix for the XML External Entity XXE Injection CVE-2013-4152 in the Spring Framework was incomplete. Spring MVC's SourceHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option ...
Design/Logic Flaw
Cisco IOS 12.424MDB9 and earlier on Content Services Gateway CSG devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143...
Microsoft Office Excel Drawing Exception Handling Code Execution (MS10-087; CVE-2010-3335)
Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. A memory corruption vulnerability has been identified in Microsoft...
xpdf: array indexing error in FoFiType1::parse()
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code v...
Microsoft Office Excel Featheader Record Memory Corruption (MS09-067; CVE-2009-3129)
Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in Microsoft Excel. The vulnerability is due to an error in Microsoft Office Excel that fails to properly parse the Excel spreadsheet file format. A remote attacker could trigger this...
SHTTPD 1.38 - Filename Parse Error Information Disclosure
SHTTPD 1.38 - Filename Parse Error Information Disclosure source: https://www.securityfocus.com/bid/24618/info SHTTPD is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may lead to further attacks. This issue affects SHTTPD...
SHTTPD 1.38 - Filename Parse Error Information Disclosure
source: https://www.securityfocus.com/bid/24618/info SHTTPD is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may lead to further attacks. This issue affects SHTTPD 1.38; other versions may also be affected...
MyServer 0.8.9 - Filename Parse Error Information Disclosure
MyServer 0.8.9 - Filename Parse Error Information Disclosure source: https://www.securityfocus.com/bid/24571/info MyServer is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may lead to further attacks. This issue affects...
MyServer 0.8.9 - Filename Parse Error Information Disclosure
source: https://www.securityfocus.com/bid/24571/info MyServer is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may lead to further attacks. This issue affects MyServer 0.8.9; other versions may also be affected...
Microsoft Internet Explorer 5/6 - MSXML XML File Parsing Cross-Site Scripting
source: https://www.securityfocus.com/bid/7938/info A vulnerability has been reported for the Microsoft Internet Explorer that may result in cross-site scripting attacks. If IE, using the MSXML parser, is unable to parse the requested XML file, it will display a parse error that also includes the...