22 matches found
EUVD-2016-1013
Malware in sbrugna...
CVE-2016-1000004
Insufficient type checks were employed prior to casting input data in SimpleXMLElementexportNode and simplexmlimportdom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 inclusive, and all versions between 3.13.0 and 3.14.1 inclusive...
GHSA-229X-22XC-2F2W Zendframework Local file disclosure via XXE injection in Zend_XmlRpc
ZendXmlRpc is vulnerable to XML eXternal Entity XXE Injection attacks. The SimpleXMLElement class SimpleXML PHP extension is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability an...
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc
ZendXmlRpc is vulnerable to XML eXternal Entity XXE Injection attacks. The SimpleXMLElement class SimpleXML PHP extension is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability an...
GHSA-H5P3-7MG6-HGJ4 Zend Framework XEE Vulnerability
1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...
Zend Framework XXE Vulnerability
ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...
GHSA-6M27-7CQJ-2MXW Shopware XXE Vulnerability
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction method of the ShopwareControllersBackendProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object...
CVE-2016-1000004
Insufficient type checks were employed prior to casting input data in SimpleXMLElementexportNode and simplexmlimportdom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 inclusive, and all versions between 3.13.0 and 3.14.1 inclusive...
CVE-2017-18357
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction method of the ShopwareControllersBackendProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object...
CVE-2017-18357
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction method of the ShopwareControllersBackendProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object...
PHP 5.6.x < 5.6.27 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.27. It is, therefore, affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists in the SimpleXMLElement::asXML function within file ext/simplexml/simplexml.c. An unauthenticate...
PHP 7.0.x < 7.0.12 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.12. It is, therefore, affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists in the SimpleXMLElement::asXML function within file ext/simplexml/simplexml.c. An unauthenticate...
Tenable SecurityCenter PHP < 5.6.27 Multiple Vulnerabilities
The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP : - A use-after-free error exists in the unserialize function that allows an unauthenticated, remote attacker to...
PHP 7.0.x < 7.0.12 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.12. It is, therefore, affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists in the SimpleXMLElement::asXML function within file ext/simplexml/simplexml.c. An unauthenticate...
PHP 5.6.x < 5.6.27 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.27. It is, therefore, affected by multiple vulnerabilities : - A NULL pointer dereference flaw exists in the SimpleXMLElement::asXML function within file ext/simplexml/simplexml.c. An unauthenticate...
Pornhub: [RCE] Unserialize to XXE - file disclosure on ams.upload.pornhub.com
Researcher was able to exploit a serialization error in the SimpleXMLElement class to perform object injection using the callbackUrl parameter. Researcher was successful in achieving the following: SSRF Local file inclusion Limited execution of database commands without output I exploited the...
CVE-2012-6531
1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...
FreeBSD : Zend Framework -- Multiple vulnerabilities via XXE injection (ec34d0c2-1799-11e2-b4ab-000c29033c32)
The Zend Framework team reports : The XmlRpc package of Zend Framework is vulnerable to XML eXternal Entity Injection attacks both server and client. The SimpleXMLElement class SimpleXML PHP extension is used in an insecure way to parse XML data. External entities can be specified by adding a...
Zend Framework 2.0.0 beta4 1.12 RC1 1.11.11 - Local File Disclosure
Zend Framework 2.0.0 beta4 1.12 RC1 1.11.11 - Local File Disclosure SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local file disclosure via XXE injection product: Zend Framework vulnerable version: 1.11.11 1.12.0 RC1...
Zend Framework Local File Disclosure
No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20120626-0 ======================================================================= title: Local file disclosure via XXE injection product: Zend Framework vulnerable version: 1.11.11 1.12.0 RC1 2.0.0 beta4 and earli...