54 matches found
PT-2013-2058 · Microsoft · Xml Core Services +2
Name of the Vulnerable Software and Affected Versions: Microsoft XML Core Services versions 4.0 through 6.0 Description: A remote code execution issue exists due to improper parsing of XML content, allowing attackers to execute arbitrary code via a crafted web page. This may corrupt memory,...
Slackware: Security Advisory (SSA:2008-324-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MS10-041: Vulnerabilities in the Microsoft .NET Framework that could allow tampering
Resolves a vulnerability in the Microsoft .NET Framework that could allow tampering in signed XML content without being detected.Support for Windows Vista Service Pack 1 SP1 ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with...
Adobe Flash Media Server < 3.5.6 / 4.0.2 Multiple Vulnerabilities (APSB11-11)
The version of Adobe Flash Media Server running on the remote host is earlier than version 3.5.6 or 4.0.2. Such versions are potentially affected by the following vulnerabilities : - The server is affected by a memory corruption issue due to a race condition in the TLS extension code provided by...
MS10-041: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
A data tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without being detected. In custom applications, the security impact depends on the specific usage scenario. Scenarios in which signed XML messages are transmitted...
Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 vulnerabilities (USN-921-1)
Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking...
USN-921-1: Firefox 3.5 and Xulrunner vulnerabilities
Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking...
Design/Logic Flaw
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document...
CVE-2009-1700
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document...
CVE-2009-1700
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document...
CVE-2009-1700
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document...
CVE-2009-1700
The CVE-2009-1700 entry describes a vulnerability in WebKit’s XSLT handling that affects Apple Safari before 4.0, iPhone OS 1.0–2.2.1, and iPhone OS for iPod touch 1.1–2.2.1. The issue is improper processing of redirects, enabling remote attackers to read XML content from arbitrary pages via a cr...
OpenCms version 6.0.x Xml Content Demo search engine Cross site scripting
Version: Tested on: - 6.0.0 - 6.0.2 - 6.0.3 Discovered by: jaime.blascoateazeldot.es http://www.eazel.es Description: Input passed to the search query in the Xml Content Demo search engine isn't properly sanitised. This can be exploited to conduct cross-site scripting attacks. Example:...
Ximian Evolution < 2.3.8 Inline XML Content-parsing Overflow
Binary data 3388.prm...