138 matches found

OpenVAS
added 2014/04/03 12:0 a.m. · 23 views

CentOS Update for xalan-j2 CESA-2014:0348 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.2 AI score · 0.05863 EPSS
Exploits 2 · References 2

OpenVAS
added 2014/04/03 12:0 a.m. · 39 views

CentOS Update for xalan-j2 CESA-2014:0348 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.2 AI score · 0.05863 EPSS
Exploits 2 · References 2

OpenVAS
added 2014/04/03 12:0 a.m. · 26 views

RedHat Update for xalan-j2 RHSA-2014:0348-01

Check for the Version of xalan-j2 OpenVAS Vulnerability Test RedHat Update for xalan-j2 RHSA-2014:0348-01 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

7.5 CVSS · 8.7 AI score · 0.05863 EPSS
Exploits 2 · References 2

OpenVAS
added 2014/04/03 12:0 a.m. · 39 views

RedHat Update for xalan-j2 RHSA-2014:0348-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 8.7 AI score · 0.05863 EPSS
Exploits 2 · References 2

Tenable Nessus
added 2014/04/03 12:0 a.m. · 34 views

CentOS 5 / 6 : xalan-j2 (CESA-2014:0348)

Updated xalan-j2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

7.5 CVSS · 7.7 AI score · 0.05863 EPSS
Exploits 2 · References 3

Cent OS
added 2014/04/02 12:17 p.m. · 62 views

xalan security update

CentOS Errata and Security Advisory CESA-2014:0348 Updated xalan-j2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS...

7.5 CVSS · 7.4 AI score · 0.05863 EPSS
Exploits 2 · References 7

Tenable Nessus
added 2014/04/02 12:0 a.m. · 25 views

Scientific Linux Security Update : xalan-j2 on SL5.x, SL6.x i386/x86_64 (20140401)

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...

7.5 CVSS · 7.8 AI score · 0.05863 EPSS
Exploits 2 · References 2

RedHat Linux
added 2014/04/01 5:49 p.m. · 38 views

Important: Red Hat Security Advisory: xalan-j2 security update

Updated xalan-j2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

7.5 CVSS · 7.3 AI score · 0.05863 EPSS
Exploits 2 · References 2

RedHat Linux
added 2014/04/01 5:49 p.m. · 2 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...

7.5 CVSS · 7.3 AI score · 0.05863 EPSS
Exploits 2 · References 5

Positive Technologies
added 2014/04/01 12:0 a.m. · 3 views

PT-2014-1795 · Apache +5 · Apache Xalan-Java +5

Name of the Vulnerable Software and Affected Versions: Apache Xalan-Java versions prior to 2.7.2 Description: The issue allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted xalan:content-header, xalan:entities,...

7.5 CVSS · 7.3 AI score · 0.05863 EPSS
Exploits 2 · References 79

seebug.org
added 2014/03/27 12:0 a.m. · 55 views

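Apache Xalan-Java FEATURE_SECURE_PROCESSIN property handling security bypass vulnerability

CVE ID: CVE-2014-0107 Apache Xalan-Java is a project that implements an XSLT library in Java and C++. Apache Xalan-Java contains an error in its handling of certain output properties that allows an attacker to bypass the secure processing feature FEATURESECUREPROCESSING and access restricted properties or load arbitrary restricted classes. 0 Apache Xalan-Java 2.7.0 Users can refer to the following vendor security advisory to obtain the patch that fixes this vulnerability: https://issues.apache.org/jira/browse/XALANJ-2435...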

7.5 CVSS · 8.7 AI score · 0.05863 EPSS
Exploits 2

securityvulns
added 2014/03/27 12:0 a.m. · 99 views

[oCERT-2014-002] Xalan-Java insufficient secure processing

2014-002 Xalan-Java insufficient secure processing Description: The Xalan-Java library is a popular XSLT processor from the Apache Software Foundation. The library implements the Java API for XML Processing JAXP which supports a secure processing feature for interpretive and XSLCT processors. The...

7.5 CVSS · 0.6 AI score · 0.05863 EPSS
Exploits 2

OpenVAS
added 2014/03/26 12:0 a.m. · 31 views

Debian Security Advisory DSA 2886-1 (libxalan2-java - security update)

Nicolas Gregoire discovered several vulnerabilities in libxalan2-java, a Java library for XSLT processing. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution. OpenVAS Vulnerability Test $Id...

7.5 CVSS · 0.6 AI score · 0.05863 EPSS
Exploits 2 · References 1

Prion
added 2009/03/25 6:30 p.m. · 10 views

Code injection

Hannon Hill Cascade Server 5.7 and other versions allows remote authenticated users to execute arbitrary programs or Java code via a crafted XSLT stylesheet with "extension elements and extension functions" that trigger code execution by Xalan-Java, as demonstrated using xalan://java.lang.Runtime...

9 CVSS · 8 AI score · 0.09434 EPSS
Exploits 0 · References 5 · Affected Software 1

Cvelist
added 2009/03/25 6:0 p.m. · 12 views

CVE-2009-1088

Hannon Hill Cascade Server 5.7 and other versions allows remote authenticated users to execute arbitrary programs or Java code via a crafted XSLT stylesheet with "extension elements and extension functions" that trigger code execution by Xalan-Java, as demonstrated using xalan://java.lang.Runtime...

7.5 AI score · 0.09434 EPSS
Exploits 0 · References 5

securityvulns
added 2009/03/20 12:0 a.m. · 46 views

Command Execution in Hannon Hill Cascade Server

Emory University UTS Security Advisory EMORY-2009-01 Topic: Command Execution in Hannon Hill Cascade Server Original release date: March 19, 2009 SUMMARY ======= Hannon Hill's Cascade Server product is vulnerable to a command execution vulnerability. An attacker with access to an unprivileged...

0.2 AI score
Exploits 0

0day.today
added 2009/03/19 12:0 a.m. · 37 views

Hannon Hill Cascade Server Command Execution Vulnerability (post auth)

Exploit for cgi platform in category web applications ====================================================================== Hannon Hill Cascade Server Command Execution Vulnerability post auth ====================================================================== Emory University UTS Security...

7.1 AI score
Exploits 0

Exploit DB
added 2009/03/19 12:0 a.m. · 46 views

Hannon Hill Cascade Server - (Authenticated) Command Execution

Emory University UTS Security Advisory EMORY-2009-01 Topic: Command Execution in Hannon Hill Cascade Server Original release date: March 19, 2009 SUMMARY ======= Hannon Hill's Cascade Server product is vulnerable to a command execution vulnerability. An attacker with access to an unprivileged...

7.4 AI score
Exploits 0