823 matches found
mcpp.co.kr Cross Site Scripting vulnerability
Security researcher Renzi (helped patch 6742 vulnerabilities, received 8 Coordinated Disclosure badges, received 36 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting the mcpp.co.kr website and its users. Following coordinated and...
revistagq.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-954197. Security researcher geeknik (helped patch 8887 vulnerabilities, received 8 Coordinated Disclosure badges, received 21 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting the revistagq.com website and i...
CVE-2019-4513
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555...
couponsock.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-951943. Security researcher geeknik (helped patch 8949 vulnerabilities, received 8 Coordinated Disclosure badges, received 21 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting the couponsock.com website and...
pittnercl.cz Cross Site Scripting vulnerability
Security researcher metamorfosec (helped patch 1935 vulnerabilities, received 9 Coordinated Disclosure badges, received 31 recommendations), a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting the pittnercl.cz website and its users. Following...
CVE-2019-13176
An issue was discovered in the 3CX Phone system web management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF: reading local files, outbound HTTP, and outbound DNS...
XML External Entity (XXE)
Jenkins Token Macro Plugin is vulnerable to XML external entity attacks. A remote, unauthenticated attacker could control the content of the input file for the "XML" macro to have Jenkins resolve external entities and exploit of the flawed XML Data Handler component resulting in the extraction of...
Upgrading Crowd via XML Data Transfer reactivate disabled user from OpenLDAP - CVE-2019-20902
Issue Summary: Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. Environment: Crowd 3.x.x, OpenLDAP. Steps to Reproduce: Install Crowd 3.1.1 and connect with OpenLDAP directory. Synchronise the OpenLDAP directory. Disable one of the users from OpenLDAP...
XXE
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905...
Juniper JSA10904
The version of tested product installed on the remote host is 12.3 prior to 12.3R12-S12, 12.3X48 prior to 12.3X48-D76, 14.1X53 prior to 14.1X53-D48, 15.1 prior to 15.1R5, 15.1X49 prior to 15.1X49-D151, 15.1 prior to 15.1F6-S12 or 16.1 prior to 16.1R2. It is, therefore, affected by a denial of...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
CVE-2019-5815
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data...
USN-3921-1 xmltooling vulnerability
It was discovered that XMLTooling incorrectly handled certain XML files with invalid data. An attacker could use this issue to cause XMLTooling to crash, resulting in a denial of service...
CVE-2018-19276
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body...
Deserialization of untrusted data
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body...
GHSA-3WC8-659G-R88Q Low severity vulnerability that affects org.springframework.batch:spring-batch-core
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources...