Lucene search
K

35 matches found

OwnCloud
OwnCloud
added 2014/07/03 2:0 a.m.71 views

Server: XXE in multiple third party components

Multiple third party components of ownCloud are vulnerable to XXE attacks, which may lead to: Local File Disclosure Server Side Request Forgery DoS Code Execution depending on the PHP wrappers … The following libraries are affected: ZendFramework: CVE-2014-2052 GetID3: CVE-2014-2053 PHPExcel:...

7.5CVSS1.6AI score0.04681EPSS
Exploits2Affected Software1
NVD
NVD
added 2014/06/04 2:55 p.m.39 views

CVE-2014-2054

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...

7.5CVSS7.3AI score0.01538EPSS
Exploits1References2
Prion
Prion
added 2014/06/04 2:55 p.m.24 views

Xxe

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...

7.5CVSS7.9AI score0.01538EPSS
Exploits1References2Affected Software2
Snyk
Snyk
added 2014/06/04 2:55 p.m.3 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of...

7.5CVSS7.7AI score0.01538EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2014/06/04 2:55 p.m.3 views

CVE-2014-2054

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...

7.5CVSS6AI score0.01538EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2014/06/04 2:55 p.m.31 views

CVE-2014-2054

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...

7.5CVSS7.3AI score0.01538EPSS
Exploits1References3
CVE
CVE
added 2014/06/04 2:0 p.m.207 views

CVE-2014-2054

CVE-2014-2054 affects PHPExcel prior to 1.8.0 when used by ownCloud Server (before 5.0.15 and 6.0.x before 6.0.2). Root cause: libxml external entity loading is not disabled, enabling XML External Entity (XXE) attacks. Impact: potential to read arbitrary files, cause denial of service, and other ...

7.5CVSS7.4AI score0.01538EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2014/06/04 2:0 p.m.33 views

CVE-2014-2054

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...

7.2AI score0.01538EPSS
Exploits1References2
seebug.org
seebug.org
added 2014/03/18 12:0 a.m.1054 views

PHPExcel XML外部实体处理漏洞

CVE ID:CVE-2014-2054 PHPExcel是用来操作Office Excel文档的一个PHP类库,它基于微软的OpenXML标准和PHP语言。 PHPExcel在解析XML实体时存在错误,允许攻击者利用漏洞提交包含外部实体引用的XML文档,获取系统文件内容信息。 0 PHPExcel 1.x PHPExcel 1.8.0已经修复该漏洞,建议用户下载更新: https://github.com/PHPOffice/PHPExce...

7.5CVSS6.6AI score0.01538EPSS
Exploits1
CVE
CVE
added 2012/09/15 5:0 p.m.63 views

CVE-2012-3233

CVE-2012-3233 describes an XSS in Kayako Fusion 4.40.1148 via the file path in /__swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php using PATH_INFO . Public advisories note the vulnerability affected Kayako Fusion and were fixed by upgrading to 4.50.1581 ; exploitation requires tha...

4.3CVSS5.9AI score0.02003EPSS
Exploits3References8Affected Software1
securityvulns
securityvulns
added 2012/09/07 12:0 a.m.64 views

Cross-Site Scripting (XSS) in Kayako Fusion

Advisory ID: HTB23095 Product: Kayako Fusion Vendor: Kayako Vulnerable Versions: 4.40.1148 and probably prior Tested Version: 4.40.1148 Vendor Notification: June 6, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-3233 CVSSv2 Base...

4.3CVSS6.5AI score0.02003EPSS
Exploits3
0day.today
0day.today
added 2012/09/06 12:0 a.m.68 views

Kayako Fusion 4.40.1148 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Product: Kayako Fusion Vendor: Kayako Vulnerable Versions: 4.40.1148 and probably prior Tested Version: 4.40.1148 Vendor Notification: June 6, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...

7.1AI score0.02003EPSS
Exploits3
exploitpack
exploitpack
added 2012/09/05 12:0 a.m.28 views

Kayako Fusion - download.php Cross-Site Scripting

Kayako Fusion - download.php Cross-Site Scripting source: https://www.securityfocus.com/bid/55417/info Kayako Fusion is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2012/09/03 12:0 a.m.77 views

SaltOS 3.1 Cross-Site Scripting vulnerability

Advisory: SaltOS 3.1 Cross-Site Scripting vulnerability Advisory ID: SSCHADV2012-018 Author: Stefan Schurtz Affected Software: Successfully tested on SaltOS 3.1 r4908 Vendor URL: http://www.saltos.net Vendor Status: fixed ========================== Vulnerability Description...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2012/08/24 12:0 a.m.17 views

SaltOS 3.1 Cross Site Scripting

Advisory: SaltOS 3.1 Cross-Site Scripting vulnerability Advisory ID: SSCHADV2012-018 Author: Stefan Schurtz Affected Software: Successfully tested on SaltOS 3.1 r4908 Vendor URL: http://www.saltos.net Vendor Status: fixed ========================== Vulnerability Description...

7.4AI score
Exploits0
Rows per page
Query Builder