2 matches found
libquartz: XXE attacks via job description
The Terracotta Quartz Scheduler is susceptible to an XML external entity attack XXE through a job description. This issue stems from inadequate handling of XML external entity XXE declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...
CVE-2019-1903
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service DoS condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending maliciou...