Lucene search
+L

9 matches found

Github Security Blog
Github Security Blog
added 2025/05/05 8:40 p.m.20 views

Langroid Allows XXE Injection via XMLToolMessage

Summary A LLM application leveraging XMLToolMessage class may be exposed to untrusted XML input that could result in DoS and/or exposing local files with sensitive information. Details XMLToolMessage uses lxml without safeguards:...

9.1CVSS6.8AI score0.00545EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2024/05/28 5:42 a.m.13 views

Denial Of Service (DoS)

silverstripe/framework is vulnerable to Denial Of Service DoS. The vulnerability is due to missing XML size checks, which allows an attacker to significantly degrade the performance of the site through a Quadratic Blowup Attack...

6.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/05/23 2:49 p.m.10 views

SilverStripe framework XML Quadratic Blowup Attack

A low level vulnerability has been found in the SilverStripe framework, where the Quadratic Blowup Attack could potentially be exploited to affect the performance of a site. See http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/ for a writeup...

7AI score
Exploits0References4Affected Software1
OSV
OSV
added 2024/05/23 2:49 p.m.8 views

GHSA-G43W-98WP-M694 SilverStripe framework XML Quadratic Blowup Attack

A low level vulnerability has been found in the SilverStripe framework, where the Quadratic Blowup Attack could potentially be exploited to affect the performance of a site. See http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/ for a writeup...

5.3CVSS7AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/05/23 12:0 a.m.3 views

PT-2024-40280 · Silverstripe · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: SilverStripe framework affected versions not specified Description: A low-level issue has been found in the framework, where the Quadratic Blowup Attack could potentially be exploited to affect the performance of a site. Recommendations: At t...

5.3CVSS6.8AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/12/07 4:15 p.m.6 views

CVE-2023-49967

Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc...

7.5CVSS7AI score0.00756EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/08/11 6:6 p.m.34 views

mofh Vulnerable to Improper Restriction of XML External Entity Reference

The xml.etree.ElementTree module that mofh used up until version 1.0.1 implements a simple and efficient API for parsing and creating XML data. But it makes the application vulnerable to: - Billion Laughs attack: It is a type of denial-of-service attack aimed at XML parsers. It uses multiple leve...

1.5AI score
Exploits0References4Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/08/12 11:50 a.m.9 views

SS-2014-017: XML Quadratic Blowup Attack

More info at https://www.silverstripe.org/software/download/security-releases/ss-2014-017-xml-quadratic-blowup-attack/...

7.2AI score
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2014/08/06 10:4 p.m.10 views

Millions of WordPress and Drupal Websites Vulnerable to DoS Attack

Users running the website on a self-hosted WordPress or on Drupal are strongly recommended to update their websites to the latest version immediately. A moderately critical vulnerability was discovered in the way Drupal and WordPress implement XMLRPC, which can lead an attacker to disable your...

6.6AI score
Exploits0
Rows per page
Query Builder