Lucene search

1593 matches found

RedHat Linux
added 2013/12/16 6:16 p.m. | 1 view

Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler

The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different...

CVSS 7.5 | AI score 5.8 | EPSS 0.11391
Exploits 0 | References 4
RedHat Linux
added 2013/12/16 6:16 p.m. | 1 view

Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...

CVSS 6.4 | AI score 5.8 | EPSS 0.11391
Exploits 0 | References 4
OSV
added 2013/12/07 8:55 p.m. | 1 view

DEBIAN-CVE-2013-6408

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...

CVSS 6.4 | AI score 6.9 | EPSS 0.11391
Exploits 0 | References 1
OSV
added 2013/12/07 8:55 p.m. | 1 view

DEBIAN-CVE-2013-6407

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...

CVSS 6.4 | AI score 7.3 | EPSS 0.11391
Exploits 0 | References 1
securityvulns
added 2010/07/23 12:0 a.m. | 47 views

ZDI-10-136: Novell Teaming ajaxUploadImageFile Remote Code Execution Vulnerability

ZDI-10-136: Novell Teaming ajaxUploadImageFile Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-136 July 21, 2010 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell Access Manager -- TippingPoint(TM) IPS Customer...

AI score 1.3
Exploits 0
OpenVAS
added 2009/03/23 12:0 a.m. | 36 views

Ubuntu Update for php5 vulnerabilities USN-462-1

Ubuntu Update for Linux kernel vulnerabilities USN-462-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4621.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for php5 vulnerabilities USN-462-1 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...

CVSS 7.2 | AI score 0.5 | EPSS 0.07583
Exploits 1 | References 2
NVD
added 2009/03/09 9:30 p.m. | 16 views

CVE-2009-0027

The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read...

CVSS 5 | AI score 6.5 | EPSS 0.00705
Exploits 0 | References 9
NVD
added 2009/03/05 2:30 a.m. | 9 views

CVE-2009-0365

nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler...

CVSS 4.6 | AI score 5.9 | EPSS 0.0012
Exploits 2 | References 20
Prion
added 2009/03/05 2:30 a.m. | 17 views

Design/Logic Flaw

nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler...

CVSS 4.6 | AI score 6.5 | EPSS 0.0012
Exploits 2 | References 20 | Affected Software 1
Debian CVE
added 2009/03/05 2:0 a.m. | 19 views

CVE-2009-0365

nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler...

CVSS 4.6 | AI score 6.1 | EPSS 0.0012
Exploits 2
Tenable Nessus
added 2009/01/02 12:0 a.m. | 29 views

NOD32 3.0/ESET Smart Security < 3.0.684 Local Privilege Escalation

NOD32 3.0/ESET Smart Security is installed on the remote host. The installed version is older than 3.0.684. Such versions are reportedly affected by a local privilege escalation issue. By sending a specially crafted request to an IOCTL request handler in 'epfw.sys', a local user may be able to...

CVSS 7.2 | AI score 6.1 | EPSS 0.00203
Exploits 0 | References 3
UbuntuCve
added 2005/11/22 11:3 a.m. | 33 views

CVE-2005-3745

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...

CVSS 4.3 | AI score 7.4 | EPSS 0.59065
Exploits 1 | References 1
NVD
added 2005/01/27 5:0 a.m. | 15 views

CVE-2004-0882

Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2QFILEPATHINFO request with a small "maximum data bytes" value...

CVSS 10 | AI score 7.6 | EPSS 0.46754
Exploits 0 | References 17