26 matches found
CVE-2021-33208
The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file...
EUVD-2007-1341
Malware in sbrugna...
EUVD-2017-4012
Malware in sbrugna...
EUVD-2018-8506
Malware in sbrugna...
Ubuntu 14.04 LTS : c3p0 vulnerability (USN-7571-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7571-1 advisory. Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the application's XML configuration file could...
Cisco AsyncOS Input Validation Error Vulnerability (CNVD-2025-03529)
Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. An input validation error vulnerability exists in Cisco AsyncOS, which stems from insufficient validation of an XML configuration file, and can be exploited by an authenticated remote attacker to upload specially crafted files...
Design/Logic Flaw
DISPUTED KeePass through 2.53 in a default installation allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker...
CVE-2023-24055
CVE-2023-24055 affects KeePass up to version 2.53 where an attacker with write access to KeePass.config.xml can trigger an export and exfiltrate cleartext passwords. Evidence and discussion appear in NVD/NVD-derived entries, OSS advisories, Mageia MGASA-2023-0221 (fix/update discussions), OSV- MG...
CVE-2022-3340
XML External Entity XXE vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported...
XXE
XML External Entity XXE vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported...
USN-5293-2: c3p0 vulnerability
USN-5293-1 fixed a vulnerability in c3p0. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the application's XML configuration file could...
USN-5293-1: c3p0 vulnerability
Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the application's XML configuration file could cause a denial of service...
Arbitrary Code Execution
Open Racing Car Simulator TORCS is vulnerable to arbitrary code execution. A remote attacker could inject and execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file...
CVE-2017-12439
SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xmlpath HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated...
CVE-2012-1189
Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator TORCS before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file...
Stack overflow
Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator TORCS before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file...