35 matches found
Server: XXE in multiple third party components
Multiple third party components of ownCloud are vulnerable to XXE attacks, which may lead to: Local File Disclosure Server Side Request Forgery DoS Code Execution depending on the PHP wrappers … The following libraries are affected: ZendFramework: CVE-2014-2052 GetID3: CVE-2014-2053 PHPExcel:...
CVE-2014-2054
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...
Xxe
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS. PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of...
CVE-2014-2054
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...
CVE-2014-2054
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...
CVE-2014-2054
CVE-2014-2054 affects PHPExcel prior to 1.8.0 when used by ownCloud Server (before 5.0.15 and 6.0.x before 6.0.2). Root cause: libxml external entity loading is not disabled, enabling XML External Entity (XXE) attacks. Impact: potential to read arbitrary files, cause denial of service, and other ...
CVE-2014-2054
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...
PHPExcel XML外部实体处理漏洞
CVE ID:CVE-2014-2054 PHPExcel是用来操作Office Excel文档的一个PHP类库,它基于微软的OpenXML标准和PHP语言。 PHPExcel在解析XML实体时存在错误,允许攻击者利用漏洞提交包含外部实体引用的XML文档,获取系统文件内容信息。 0 PHPExcel 1.x PHPExcel 1.8.0已经修复该漏洞,建议用户下载更新: https://github.com/PHPOffice/PHPExce...
CVE-2012-3233
CVE-2012-3233 describes an XSS in Kayako Fusion 4.40.1148 via the file path in /__swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php using PATH_INFO . Public advisories note the vulnerability affected Kayako Fusion and were fixed by upgrading to 4.50.1581 ; exploitation requires tha...
Cross-Site Scripting (XSS) in Kayako Fusion
Advisory ID: HTB23095 Product: Kayako Fusion Vendor: Kayako Vulnerable Versions: 4.40.1148 and probably prior Tested Version: 4.40.1148 Vendor Notification: June 6, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-3233 CVSSv2 Base...
Kayako Fusion 4.40.1148 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Product: Kayako Fusion Vendor: Kayako Vulnerable Versions: 4.40.1148 and probably prior Tested Version: 4.40.1148 Vendor Notification: June 6, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...
Kayako Fusion - download.php Cross-Site Scripting
Kayako Fusion - download.php Cross-Site Scripting source: https://www.securityfocus.com/bid/55417/info Kayako Fusion is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...
SaltOS 3.1 Cross-Site Scripting vulnerability
Advisory: SaltOS 3.1 Cross-Site Scripting vulnerability Advisory ID: SSCHADV2012-018 Author: Stefan Schurtz Affected Software: Successfully tested on SaltOS 3.1 r4908 Vendor URL: http://www.saltos.net Vendor Status: fixed ========================== Vulnerability Description...
SaltOS 3.1 Cross Site Scripting
Advisory: SaltOS 3.1 Cross-Site Scripting vulnerability Advisory ID: SSCHADV2012-018 Author: Stefan Schurtz Affected Software: Successfully tested on SaltOS 3.1 r4908 Vendor URL: http://www.saltos.net Vendor Status: fixed ========================== Vulnerability Description...