Lucene search
K

161 matches found

Cvelist
Cvelist
added 2014/10/06 11:0 p.m.26 views

CVE-2014-1868

Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion XEE attack...

6.5AI score0.01336EPSS
Exploits0References3
CVE
CVE
added 2014/10/06 11:0 p.m.66 views

CVE-2014-1868

The affected software is Restlet Framework, specifically version 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1. The root cause is processing XML with XMLRepresentation or XML serializers that allows an XML Entity Expansion (XEE) attack, leading to denial of service. No exploit details are provided....

5CVSS6.7AI score0.01336EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2014/09/04 5:55 p.m.16 views

CVE-2014-3574

Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service CPU consumption and crash via a crafted OOXML file, aka an XML Entity Expansion XEE attack...

4.3CVSS5.3AI score0.07395EPSS
Exploits0References13
UbuntuCve
UbuntuCve
added 2014/09/04 5:55 p.m.24 views

CVE-2014-3574

Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service CPU consumption and crash via a crafted OOXML file, aka an XML Entity Expansion XEE attack...

4.3CVSS6.8AI score0.07395EPSS
Exploits0References6
CVE
CVE
added 2014/09/04 5:0 p.m.101 views

CVE-2014-3574

Apache POI is affected by CVE-2014-3574. Affected versions: POI before 3.10.1 and 3.11.x before 3.11-beta2. Root cause: XML Entity Expansion (XEE) in OOXML processing. Impact: remote attacker can cause a denial of service via crafted OOXML files (CPU consumption and crash). Remediation: upgrade t...

4.3CVSS6.7AI score0.07395EPSS
Exploits0References13Affected Software1
Amazon
Amazon
added 2014/07/23 12:0 a.m.37 views

Important: php-ZendFramework

Issue Overview: The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the ZendOpenIdConsumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass...

7.5CVSS10AI score0.02802EPSS
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.58 views

SharePoint 2007/2010 and DotNetNuke < 6 - File disclosure via XEE

No description provided by source. Exploit Title: File disclosure via XEE in SharePoint and DotNetNuke Date: September 15, 2011 Author: Nicolas Gregoire Version: SharePoint 2007 / 2010, DotNetNuke 6 CVE : CVE-2011-1892 poc filename: xee.xml !DOCTYPE doc !ENTITY boom SYSTEM...

4CVSS6.4AI score0.38332EPSS
Exploits6
securityvulns
securityvulns
added 2014/05/05 12:0 a.m.81 views

[ MDVSA-2014:072 ] php-ZendFramework

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:072 http://www.mandriva.com/en/support/security/ Package : php-ZendFramework Date : April 9, 2014 Affected: Business Server 1.0 Problem Description: Updated php-ZendFramework packages fix security...

7.5CVSS9.8AI score0.02802EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/04/10 12:0 a.m.26 views

Mandriva Linux Security Advisory : php-ZendFramework (MDVSA-2014:072)

Updated php-ZendFramework packages fix security vulnerabilities : XML eXternal Entity XXE and XML Entity Expansion XEE flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server process, or possibly perform...

7.5CVSS8.6AI score0.02802EPSS
Exploits0References6
Mageia
Mageia
added 2014/04/03 12:43 a.m.56 views

Updated php-ZendFramework packages fix multiple vulnerabilities

Updated php-ZendFramework packages fix security vulnerabilities: XML eXternal Entity XXE and XML Entity Expansion XEE flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server process, or possibly perform oth...

7.5CVSS9.6AI score0.02802EPSS
Exploits0References6
Friends Of PHP
Friends Of PHP
added 2014/02/26 10:13 p.m.28 views

XEE issue that could expose local files or easily trigger a DOS attack.

XXE security issue. Issue 414...

7.5CVSS6.2AI score0.02228EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/02/26 4:2 p.m.12 views

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/02/26 4:2 p.m.14 views

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/02/26 4:2 p.m.10 views

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/02/26 4:2 p.m.12 views

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

7.2AI score
Exploits0Affected Software1
CVE
CVE
added 2013/12/23 10:0 p.m.89 views

CVE-2013-4549

CVE-2013-4549 affects QXmlSimpleReader in Qt prior to 5.2, where an XML Entity Expansion (XEE) attack can cause memory consumption leading to a denial of service. The initial record lists this CVE with a base CVSSv2 score of 5.0 (MEDIUM) and vectors AV:N/AC:L/Au:N/C:N/I:N/A:P, indicating network ...

5CVSS5.8AI score0.03105EPSS
Exploits0References13Affected Software2
CVE
CVE
added 2013/12/12 6:0 p.m.114 views

CVE-2013-1812

CVE-2013-1812 affects the ruby-openid gem for Ruby, with the vendor reference stating: “before 2.2.2 … allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.” The linked advisories confirm the issue ...

4.3CVSS6.5AI score0.02132EPSS
Exploits1References7Affected Software1
UbuntuCve
UbuntuCve
added 2013/12/05 12:0 a.m.30 views

CVE-2013-4549

QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service memory consumption via an XML Entity Expansion XEE attack...

5CVSS6.4AI score0.03105EPSS
Exploits0References4
NVD
NVD
added 2013/09/16 7:14 p.m.29 views

CVE-2013-4179

The security group extension in OpenStack Compute Nova Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664...

4.3CVSS9.2AI score0.02703EPSS
Exploits1References3
Prion
Prion
added 2013/09/16 7:14 p.m.29 views

Security feature bypass

The security group extension in OpenStack Compute Nova Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664...

4.3CVSS6.7AI score0.04863EPSS
Exploits2References3Affected Software2
Rows per page
Query Builder