161 matches found
CVE-2014-1868
Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion XEE attack...
CVE-2014-1868
The affected software is Restlet Framework, specifically version 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1. The root cause is processing XML with XMLRepresentation or XML serializers that allows an XML Entity Expansion (XEE) attack, leading to denial of service. No exploit details are provided....
CVE-2014-3574
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service CPU consumption and crash via a crafted OOXML file, aka an XML Entity Expansion XEE attack...
CVE-2014-3574
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service CPU consumption and crash via a crafted OOXML file, aka an XML Entity Expansion XEE attack...
CVE-2014-3574
Apache POI is affected by CVE-2014-3574. Affected versions: POI before 3.10.1 and 3.11.x before 3.11-beta2. Root cause: XML Entity Expansion (XEE) in OOXML processing. Impact: remote attacker can cause a denial of service via crafted OOXML files (CPU consumption and crash). Remediation: upgrade t...
Important: php-ZendFramework
Issue Overview: The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the ZendOpenIdConsumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass...
SharePoint 2007/2010 and DotNetNuke < 6 - File disclosure via XEE
No description provided by source. Exploit Title: File disclosure via XEE in SharePoint and DotNetNuke Date: September 15, 2011 Author: Nicolas Gregoire Version: SharePoint 2007 / 2010, DotNetNuke 6 CVE : CVE-2011-1892 poc filename: xee.xml !DOCTYPE doc !ENTITY boom SYSTEM...
[ MDVSA-2014:072 ] php-ZendFramework
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:072 http://www.mandriva.com/en/support/security/ Package : php-ZendFramework Date : April 9, 2014 Affected: Business Server 1.0 Problem Description: Updated php-ZendFramework packages fix security...
Mandriva Linux Security Advisory : php-ZendFramework (MDVSA-2014:072)
Updated php-ZendFramework packages fix security vulnerabilities : XML eXternal Entity XXE and XML Entity Expansion XEE flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server process, or possibly perform...
Updated php-ZendFramework packages fix multiple vulnerabilities
Updated php-ZendFramework packages fix security vulnerabilities: XML eXternal Entity XXE and XML Entity Expansion XEE flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server process, or possibly perform oth...
XEE issue that could expose local files or easily trigger a DOS attack.
XXE security issue. Issue 414...
Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse
More info at https://framework.zend.com/security/advisory/ZF2014-01...
Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse
More info at https://framework.zend.com/security/advisory/ZF2014-01...
Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse
More info at https://framework.zend.com/security/advisory/ZF2014-01...
Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse
More info at https://framework.zend.com/security/advisory/ZF2014-01...
CVE-2013-4549
CVE-2013-4549 affects QXmlSimpleReader in Qt prior to 5.2, where an XML Entity Expansion (XEE) attack can cause memory consumption leading to a denial of service. The initial record lists this CVE with a base CVSSv2 score of 5.0 (MEDIUM) and vectors AV:N/AC:L/Au:N/C:N/I:N/A:P, indicating network ...
CVE-2013-1812
CVE-2013-1812 affects the ruby-openid gem for Ruby, with the vendor reference stating: “before 2.2.2 … allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.” The linked advisories confirm the issue ...
CVE-2013-4549
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service memory consumption via an XML Entity Expansion XEE attack...
CVE-2013-4179
The security group extension in OpenStack Compute Nova Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664...
Security feature bypass
The security group extension in OpenStack Compute Nova Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664...