CVE-2013-2877
parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state...
Xxe
The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
CVE-2009-5135
The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
[SECURITY] Fedora 19 Update: php-twig-Twig-1.12.3-1.fc19
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...
libxml2 -- lack of end-of-document check DoS
CVE MITRE reports: parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state...
Debian DSA-2659-1 : libapache-mod-security - XML external entity processing vulnerability
Timur Yunusov and Alexey Osipov from Positive Technologies discovered that the XML files parser of ModSecurity, an Apache module whose purpose is to tighten the Web application security, is vulnerable to XML external entities attacks. A specially crafted XML file provided by a remote attacker,...
Design/Logic Flaw
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack...
Debian Security Advisory DSA 2659-1 (libapache-mod-security - XML external entity processing vulnerability)
Timur Yunusov and Alexey Osipov from Positive Technologies discovered that the XML files parser of ModSecurity, an Apache module whose purpose is to tighten the Web application security, is vulnerable to XML external entities attacks. A specially-crafted XML file provided by a remote attacker,...
FreeBSD : php5 -- Multiple vulnerabilities (1d23109a-9005-11e2-9602-d43d7e0c7c02)
The PHP development team reports: PHP does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. The...
CVE-2013-1643
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and...
CVE-2013-1643
PHP SOAP parser vulnerability CVE-2013-1643 affects PHP before 5.3.23 and 5.4.x before 5.4.13, where a SOAP WSDL containing an XML external entity declaration combined with an entity reference allows remote attackers to read arbitrary files via soap_xmlParseFile/soap_xmlParseMemory. This is tied ...
ruby -- DoS vulnerability in REXML
Ruby developers report: Unrestricted entity expansion can lead to a DoS vulnerability in REXML. The CVE identifier will be assigned later. We strongly recommend upgrading ruby. When reading text nodes from an XML document, the REXML parser can be coerced into allocating extremely large string...
DOMIT! RSS testing_domitrss.php discloses local files
Overview: A vulnerability in DOMIT! RSS allows an attacker to read local files. Description: DOMIT! RSS is an RSS parser for PHP. DOMIT! RSS includes a test script called testing_domitrss.php. This script writes out the contents of any user-supplied URL to a local file named the MD5 hash of the URL...
Debian: Security Advisory (DSA-2602-1)
The remote host is missing an update for the Debian...
CVE-2012-6702
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function...
CVE-2012-5134
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML...
Samba DCE RPC IDL Parser Out-of-bounds Array Access (CVE-2012-1182)
An out-of-bounds array access vulnerability has been reported in Samba...
[SECURITY] Fedora 18 Update: ocaml-xml-light-2.3-0.1.svn234.fc18
Xml-Light is a minimal XML parser & printer for OCaml. It provides functions to parse an XML document into an OCaml data structure, work with it, and print it back to an XML document. It also supports DTD parsing and checking, and is entirely written in OCaml, hence it does not require additional ...
CVE-2012-4885
The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function...