21 matches found
EUVD-2006-5376
Malware in sbrugna...
Improper Input Validation in XFire
Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof...
GHSA-5JC8-8XHV-G8QM Improper Input Validation in XFire
Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof...
com.amazon.aes.webservices.client:ec2-java-client (=20080327), com.github.liuzhenghui:weaver-ecology-parent (>=9.00.2110.07.220316 <=9.00.2112.03.220528) +60 more potentially affected by CVE-2012-5817 via org.codehaus.xfire:xfire-core (>=1.0 <=1.2.6)
org.codehaus.xfire:xfire-core MAVEN version =1.0, =9.00.2110.07.220316, =0.0.9, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =0.3.0 - com.github.rapidark:rapidark =0.0.3 and more Source cves: CVE-2012-5817 Source advisory: OSV:GHSA-5JC8-8XHV-G8QM...
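Wanhu OA XFire XML entity injection vulnerability
XFire XML entity injection: the web service uses the XFire framework and has an XXE vulnerability. jmx-console has a default credential: admin/ezoffice; a quick search online shows it has mostly not been changed...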
Arbitrary File Read Vulnerability in Xfire Java Web Services Engine
XFire is a next-generation Java Web services engine. The XFire Java Web Service Engine has an arbitrary file read vulnerability: it uses StAX to parse XML during invoke, resulting in XML entity injection, which can be exploited by an attacker to read arbitrary files...
Xfire <= 1.6.4 - Remote Denial of Service Exploit (pl)
No description provided by source. !/usr/bin/perl Moderator of http://igniteds.net X fire version:new Release 1.64 12th, 2006 Vendors web site http://www.xfire.com/ remote exploit coded by: n00b.. Credit's to n00b for finding this bug.. Xfire client has a dos exploit closing the client upon succe...
Parsing of external XML entities can be exploited to retrieve files or make HTTP requests on the target network
Description: This issue has been assigned CVE-2013-3925 by Mitre Corporation. Previously reported issue CVE-2012-2926 (August 2012, CVSS score 6.4) was patched by introducing a new XFire servlet component into Crowd. The new component disables external entity resolution during XML parsing. The n...
Parsing of external XML entities can be exploited to retrieve files or make HTTP requests on the target network
Description: This issue has been assigned CVE-2013-3925 by Mitre Corporation. Previously reported issue CVE-2012-2926 (August 2012, CVSS score 6.4) was patched by introducing a new XFire servlet component into Crowd. The new component disables external entity resolution during XML parsing. The n...
CVE-2012-5817
Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof...
Code injection
Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof...
CVE-2012-5817
Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof...
CVE-2012-5817
Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, fails to verify that the server hostname matches the CN/subjectAltName in the X.509 certificate, enabling MITM spoofing with an arbitrary valid certificate. Impact is described as spoofing SSL s...
PT-2012-6129 · Codehaus · Xfire
Name of the Vulnerable Software and Affected Versions: Codehaus XFire versions 1.2.6 and earlier Description: The issue allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate because it does not verify that the server hostname matches a domain name in the...
Xfire <= 1.6.4 (Malicious Request) Remote Denial of Service Exploit (pl)
No description provided by source. !/usr/bin/perl Moderator of http://igniteds.net X fire version:new Release 1.64 12th, 2006 Vendors web site http://www.xfire.com/ remote exploit coded by: n00b.. Credit's to n00b for finding this bug.. Xfire client has a dos exploit closing the client upon succe...
CVE-2006-5391
Xfire 1.64 and earlier allows remote attackers to cause a denial of service (client application crash) via a long string to UDP port 25777...
CVE-2006-5391
Xfire 1.64 and earlier allows remote attackers to cause a denial of service (client application crash) via a long string to UDP port 25777...
CVE-2006-5391
Xfire 1.64 and earlier is affected by CVE-2006-5391. An attacker can remotely cause a denial of service by sending a long string to UDP port 25777, triggering a client application crash. The available documents state the vulnerability and impact but do not provide details on root cause beyond the...
Xfire 1.6.4 - Remote Denial of Service
!/usr/bin/perl Moderator of http://igniteds.net X fire version:new Release 1.64 Vendors web site http://www.xfire.com/ remote exploit coded by: n00b.. Credit's to n00b for finding this bug.. Xfire client has a dos exploit closing the client upon success full exploitation xfire will fail..Ive...
Xfire 1.6.4 - Remote Denial of Service (Perl)
Xfire 1.6.4 - Remote Denial of Service Perl !/usr/bin/perl Moderator of http://igniteds.net X fire version:new Release 1.64 Vendors web site http://www.xfire.com/ remote exploit coded by: n00b.. Credit's to n00b for finding this bug.. Xfire client has a dos exploit closing the client upon success...