824 matches found

Cvelist
added 2008/07/09 11:0 p.m., 50 views

CVE-2008-3106

Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different...

AI score: 8.5, EPSS: 0.03342
Exploits: 0, References: 40

RedHat Linux
added 2008/01/11 12:27 p.m., 4 views

libxml2: infinite loop in UTF-8 decoding

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences...

CVSS: 5, AI score: 7.3, EPSS: 0.02566
Exploits: 1, References: 4

Tenable Nessus
added 2007/11/14 12:0 a.m., 34 views

openSUSE 10 Security Update : rubygem-activesupport (rubygem-activesupport-4565)

A cross-site scripting (XSS) bug allowed attackers to execute JavaScript code in the context of other websites (CVE-2007-3227). Specially crafted requests could crash an application when processing XML data (CVE-2007-5379).

CVSS: 5, AI score: 5, EPSS: 0.03969
Exploits: 1, References: 2

Saint
added 2006/11/17 12:0 a.m., 25 views

Microsoft XMLHTTP ActiveX control setRequestHeader vulnerability

Added: 11/17/2006. CVE: CVE-2006-5745. BID: 20915. OSVDB: 30208. Background: Microsoft XML Core Services includes the XMLHTTP ActiveX control, which allows web pages to send and receive XML data. Problem: A memory corruption vulnerability in the XMLHTTP ActiveX control allows command execution when a...

CVSS: 7.6, AI score: 6.7, EPSS: 0.75946
Exploits: 7

0day.today
added 2006/03/02 12:0 a.m., 40 views

phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution (2)

Exploit for unknown platform in category web applications ================================================================= phpRPC Library $host, "proxy=s" = $proxy, "verbose+" = $verbose; &usage unless $host; while print color"green", "cijfer$ ", color"reset"; chomp$command = ; exit unless...

AI score: 7.1
Exploits: 0

seebug.org
added 2006/03/02 12:0 a.m., 19 views

phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution (2)

No description provided by source. !/usr/bin/perl phpRPC =0.7 Remote Command Execution Exploit based on: http://www.gulftech.org/?node=research&articleid=00105-02262006 Copyright c 2006 cijfer cijfer@netti!fi All rights reserved. never ctrl+c again. cijfer$ http://target.com/dir host changed to...

AI score: 7.1
Exploits: 0

Exploit DB
added 2006/03/02 12:0 a.m., 64 views

phpRPC Library 0.7 - XML Data Decoding Remote Code Execution (2)

!/usr/bin/perl phpRPC All rights reserved. never ctrl+c again. cijfer$ http://target.com/dir host changed to 'http://target.com/dir' cijfer$ $Id: cijfer-prpcxpl.pl,v 0.1 2006/03/01 05:46:00 cijfer Exp $ use LWP::UserAgent; use URI::Escape; use Getopt::Long; use Term::ANSIColor; $res =...

AI score: 7.4
Exploits: 0

0day.today
added 2006/03/01 12:0 a.m., 96 views

phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution

Exploit for unknown platform in category web applications ============================================================= phpRPC Library new Proto = "tcp", PeerAddr = "$host", PeerPort = "80" || die "connecterror\n"; while 1 print 'IRAN HOMELAND SECURITY$ '; $cmd = ; chop$cmd; last if $cmd eq 'exit...

AI score: 7.1
Exploits: 0

seebug.org
added 2006/03/01 12:0 a.m., 13 views

phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution

No description provided by source. !/usr/bin/perl root@host perl rpc.pl phprpc.sourceforge.net /modules/phpRPC/server.php --== IHS IRAN HOMELAND SECURITY ==-- phpRPC = 0.7 commands execute exploit by LorD http://www.ihs.ir IRAN HOMELAND SECURITY$ uname -a;id;pwd Linux sc8-pr-web9.sourceforge.net...

AI score: 7.1
Exploits: 0

Exploit DB
added 2006/03/01 12:0 a.m., 50 views

phpRPC Library 0.7 - XML Data Decoding Remote Code Execution (1)

!/usr/bin/perl root@host perl rpc.pl phprpc.sourceforge.net /modules/phpRPC/server.php --== IHS IRAN HOMELAND SECURITY ==-- phpRPC new Proto = "tcp", PeerAddr = "$host", PeerPort = "80" || die "connecterror\n"; while 1 print 'IRAN HOMELAND SECURITY$ '; $cmd = ; chop$cmd; last if $cmd eq 'exit';...

AI score: 7.4
Exploits: 0

Packet Storm
added 2005/10/08 12:0 a.m., 30 views

oracle_xmldb_css.txt

Cross-Site-Scripting Vulnerability in Oracle XMLDB. Name: Cross-Site-Scripting Vulnerability in Oracle XMLDB. Systems Affected: Oracle Database 9i Rel. 2. Severity: Low Risk. Category: Cross Site Scripting (CSS/XSS). Vendor URL: http://www.oracle.com. This advisory...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2005/07/16 12:0 a.m., 42 views

GLSA-200507-15 : PHP: Script injection through XML-RPC

The remote host is affected by the vulnerability described in GLSA-200507-15 (PHP: Script injection through XML-RPC). James Bercegay has discovered that the XML-RPC implementation in PHP fails to sanitize input passed in an XML document, which is used in an 'eval' statement. Impact: A remote attack...

CVSS: 7.5, AI score: 6.1, EPSS: 0.79071
Exploits: 5, References: 2

Tenable Nessus
added 2005/07/11 12:0 a.m., 53 views

GLSA-200507-08 : phpGroupWare, eGroupWare: PHP script injection vulnerability

The remote host is affected by the vulnerability described in GLSA-200507-08 (phpGroupWare, eGroupWare: PHP script injection vulnerability). The XML-RPC implementations of phpGroupWare and eGroupWare fail to sanitize input sent to the XML-RPC server using the 'POST' method. Impact: A remote attacke...

CVSS: 7.5, AI score: 6.1, EPSS: 0.79071
Exploits: 5, References: 2

Gentoo Linux
added 2005/07/06 12:0 a.m., 68 views

TikiWiki: Arbitrary command execution through XML-RPC

Background: TikiWiki is a web-based groupware and content management system (CMS), using PHP, ADOdb and Smarty. TikiWiki includes vulnerable PHP XML-RPC code. Description: TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Impact: A remote attacker could exploit this...

CVSS: 7.5, AI score: 7.4, EPSS: 0.79071
Exploits: 5

securityvulns
added 2005/04/12 12:0 a.m., 20 views

Multiple Mozilla / Firefox / Thunderbird browsers bugs

Symbolic link problem, cross-site XML data access, form autocomplete feature information leak, buffer overflows, data spoofing, invalid certificate handling...

AI score: 3.8
Exploits: 0, References: 4, Affected Software: 3

securityvulns
added 2004/10/13 12:0 a.m., 29 views

Regression in IE: Accessing remote/local content in IE (GM#009-IE)

For further information on the regression itself see "Solution" section. GreyMagic Security Advisory GM009-IE. By GreyMagic Software, 23 Aug 2002, 12 Oct 2004. Available in HTML format at http://www.greymagic.com/security/advisories/gm009-ie/. Topic: Accessing...

AI score: 6.2
Exploits: 0

securityvulns
added 2004/08/10 12:0 a.m., 24 views

JAVA XSLT processor XML sniffing

It's possible to sniff XML data from a different application domain...

AI score: 2.3
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2004/02/21 12:0 a.m., 39 views

Oracle Multiple Products SOAP Message Crafted DTD Remote DoS

According to its version, the remote Oracle Database is affected by a denial of service vulnerability. By sending specially crafted SOAP messages with carefully designed XML Data Type Definitions (DTDs), it may be possible for a remote attacker to crash the remote database.

CVSS: 5, AI score: 5.5, EPSS: 0.02628
Exploits: 0, References: 2

NVD
added 2003/11/17 5:0 a.m., 20 views

CVE-2003-0809

Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page...

CVSS: 7.5, AI score: 7.5, EPSS: 0.2667
Exploits: 1, References: 5

Cvelist
added 2003/10/08 4:0 a.m., 28 views

CVE-2003-0809

Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page...

AI score: 7.9, EPSS: 0.2667
Exploits: 1, References: 5