824 matches found
CVE-2008-3106
Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different...
libxml2: infinite loop in UTF-8 decoding
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences...
openSUSE 10 Security Update : rubygem-activesupport (rubygem-activesupport-4565)
A cross-site scripting (XSS) bug allowed attackers to execute JavaScript code in the context of other websites (CVE-2007-3227). Specially crafted requests could crash an application when processing XML data (CVE-2007-5379).
Microsoft XMLHTTP ActiveX control setRequestHeader vulnerability
Added: 11/17/2006. CVE: CVE-2006-5745. BID: 20915. OSVDB: 30208. Background: Microsoft XML Core Services includes the XMLHTTP ActiveX control, which allows web pages to send and receive XML data. Problem: A memory corruption vulnerability in the XMLHTTP ActiveX control allows command execution when a...
phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution (2)
Exploit for unknown platform in category web applications. phpRPC Library $host, "proxy=s" = $proxy, "verbose+" = $verbose; &usage unless $host; while print color"green", "cijfer$ ", color"reset"; chomp$command = ; exit unless...
phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution (2)
No description provided by source. !/usr/bin/perl phpRPC =0.7 Remote Command Execution Exploit based on: http://www.gulftech.org/?node=research&articleid=00105-02262006 Copyright c 2006 cijfer cijfer@netti!fi All rights reserved. never ctrl+c again. cijfer$ http://target.com/dir host changed to...
phpRPC Library 0.7 - XML Data Decoding Remote Code Execution (2)
!/usr/bin/perl phpRPC All rights reserved. never ctrl+c again. cijfer$ http://target.com/dir host changed to 'http://target.com/dir' cijfer$ $Id: cijfer-prpcxpl.pl,v 0.1 2006/03/01 05:46:00 cijfer Exp $ use LWP::UserAgent; use URI::Escape; use Getopt::Long; use Term::ANSIColor; $res =...
phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution
Exploit for unknown platform in category web applications. phpRPC Library new Proto = "tcp", PeerAddr = "$host", PeerPort = "80" || die "connecterror\n"; while 1 print 'IRAN HOMELAND SECURITY$ '; $cmd = ; chop$cmd; last if $cmd eq 'exit...
phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution
No description provided by source. !/usr/bin/perl root@host perl rpc.pl phprpc.sourceforge.net /modules/phpRPC/server.php --== IHS IRAN HOMELAND SECURITY ==-- phpRPC = 0.7 commands execute exploit by LorD http://www.ihs.ir IRAN HOMELAND SECURITY$ uname -a;id;pwd Linux sc8-pr-web9.sourceforge.net...
phpRPC Library 0.7 - XML Data Decoding Remote Code Execution (1)
!/usr/bin/perl root@host perl rpc.pl phprpc.sourceforge.net /modules/phpRPC/server.php --== IHS IRAN HOMELAND SECURITY ==-- phpRPC new Proto = "tcp", PeerAddr = "$host", PeerPort = "80" || die "connecterror\n"; while 1 print 'IRAN HOMELAND SECURITY$ '; $cmd = ; chop$cmd; last if $cmd eq 'exit';...
oracle_xmldb_css.txt
Cross-Site-Scripting Vulnerability in Oracle XMLDB. Name: Cross-Site-Scripting Vulnerability in Oracle XMLDB. Systems Affected: Oracle Database 9i Rel. 2. Severity: Low Risk. Category: Cross Site Scripting (CSS/XSS). Vendor URL: http://www.oracle.com. This advisory...
GLSA-200507-15 : PHP: Script injection through XML-RPC
The remote host is affected by the vulnerability described in GLSA-200507-15 (PHP: Script injection through XML-RPC). James Bercegay has discovered that the XML-RPC implementation in PHP fails to sanitize input passed in an XML document, which is used in an 'eval' statement. Impact: A remote attack...
GLSA-200507-08 : phpGroupWare, eGroupWare: PHP script injection vulnerability
The remote host is affected by the vulnerability described in GLSA-200507-08 (phpGroupWare, eGroupWare: PHP script injection vulnerability). The XML-RPC implementations of phpGroupWare and eGroupWare fail to sanitize input sent to the XML-RPC server using the 'POST' method. Impact: A remote attacke...
TikiWiki: Arbitrary command execution through XML-RPC
Background: TikiWiki is a web-based groupware and content management system (CMS), using PHP, ADOdb and Smarty. TikiWiki includes vulnerable PHP XML-RPC code. Description: TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Impact: A remote attacker could exploit this...
Multiple Mozilla / Firefox / Thunderbird browsers bugs
Symbolic link problems, cross-site XML data access, form autocomplete feature information leak, buffer overflows, data spoofing, invalid certificate handling...
Regression in IE: Accessing remote/local content in IE (GM#009-IE)
For further information on the regression itself see "Solution" section. GreyMagic Security Advisory GM009-IE. By GreyMagic Software, 23 Aug 2002, 12 Oct 2004. Available in HTML format at http://www.greymagic.com/security/advisories/gm009-ie/. Topic: Accessing...
JAVA XSLT processor XML sniffing
It's possible to sniff XML data from a different application domain...
Oracle Multiple Products SOAP Message Crafted DTD Remote DoS
According to its version, the remote Oracle Database is affected by a denial of service vulnerability. By sending specially crafted SOAP messages with carefully designed XML Data Type Definitions (DTDs), it may be possible for a remote attacker to crash the remote database.
CVE-2003-0809
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page...