56 matches found
Security Bulletin: IBM Cloud Private is vulnerable to a Go vulnerability (CVE-2021-27919, CVE-2021-27918)
Summary IBM Cloud Private is vulnerable to a Go vulnerability Vulnerability Details CVEID: CVE-2021-27919 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the Reader.Open API when use a ZIP archive containing files start with “../”. By persuading a victim to open a...
Security Bulletin: Dom4j XML Injection Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-1000632)
Summary IBM Sterling B2B Integrator has addressed a Dom4j XML injection vulnerability. Vulnerability Details CVEID: CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods. By sending a...
CloudBees Jenkins RapidDeploy plugin code issue vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . RapidDeploy Plugin is used in one of the...
Unspecified Vulnerability in IBM Security Directory Server (CNVD-2019-38504)
IBM Security Directory Server is a suite of enterprise identity management software from IBM USA that uses the Lightweight Directory Access Protocol LDAP. The software provides a trusted identity data infrastructure for authentication. A security vulnerability exists in IBM Security Directory...
Microsoft Visual Studio Elevation of Privilege Vulnerability
Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. An elevation of privilege vulnerability exists in Microsoft Visual Studio that stems from the progra...
CVE-2019-12154
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions...
Directory Traversal
Liferay portal is vulnerable to directory traversal.XSL content portlet paths for XSL and XML content is not validated and allows a remote attacker to retrieve system files by submitting file:/// in the URL...
CVE-2018-8533
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, S...
Cross site scripting
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process...
CVE-2017-2640
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process...
Security Bulletin: Vulnerability in IBM Rational Software Architect Design Manager can allow denial of service attack (CVE-2016-8974, CVE-2016-9698)
Summary XML content of review comments and OSLC links can be altered to harm RSA DM server responsiveness. Vulnerability Details CVEID: CVE-2016-8974 Description: IBM Rhapsody DM is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error when processing XML data. A...
CVE-2018-8176
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office...
Remote code execution
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office...
CVE-2018-8176
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office...
Microsoft PowerPoint Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
CVE-2017-2640
An out-of-bounds write flaw was found in the way Pidgin processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process...
Mozilla Thunderbird < 31.7 Multiple Vulnerabilities (Mac OS X)
The version of Thunderbird installed on the remote Mac OS X host is prior to 31.7. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary code...
Firefox ESR 31.x < 31.7 Multiple Vulnerabilities (Mac OS X)
The version of Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.7. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary...
Microsoft XML Signature HMAC Truncation Bypass (MS10-041) - Ver2 (CVE-2009-0217)
The Microsoft .NET Framework is a component of the Microsoft Windows operating system that enables building and running software applications and Web services. A tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without...
SPIP < 2.0.9 Arbitrary Copy All Passwords to XML File Remote Exploit
No description provided by source. !/usr/bin/env python SPIP - Content Management System 2.0.9 exploit http://www.securityfocus.com/bid/36008 Author : KernelPanik import urllib, urllib2 import cookielib import sys def sendrequesturlOpener, url, postdata=None: request = urllib2.Requesturl url =...