63 matches found
XML External Entity (XXE) injection in Spring Framework
It was identified that Spring MVC processed user provided XML with JAXB in combination with a StAX XMLInputFactory without disabling external entity resolution. External entity resolution has been disabled in this case. It was subsequently discovered that this fix was incomplete CVE-2013-6429,...
Multiple Cross-Site-Scripting vulnerabilities in x3cms
Advisory: Multiple Cross-Site-Scripting vulnerabilities in x3cms Advisory ID: INFOSERVE-ADV2011-04 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on x3cms 0.4.3 other versions may also be affected Vendor URL: http://www.x3cms.net/ Vendor Status: Parti...
freetype: integer overflow vulnerability due to incomplete fix for CVE-2006-1861
Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861...