823 matches found
XML External Entity Injection (XXE)
Spring Batch Core is vulnerable to XML external entity injection (XXE). The vulnerability exists because it fails to disable Document Type Definition External Entities by default, allowing an attacker to perform XXE attacks using malicious XML data input...
Cross-site Scripting (XSS)
spacewalk-java is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service attacks due to improper prevention of entity expansion in the xmlStringLenDecodeEntities function in parser.c. A context-dependent attacker is able to cause a denial of service by exhausting CPU using specially crafted XML data...
PHP 5.6.x < 5.6.19 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.19. It is, therefore, affected by multiple vulnerabilities: - A use-after-free error exists in file ext/wddx/wddx.c in the php_wddx_pop_element function when handling XML data. An unauthenticated,...
Vulnerability in the Qualcomm component of the Android operating system that allows an attacker to trigger a buffer overflow in memory
The vulnerability in the Qualcomm component of the Android operating system is related to array indexing errors. Exploiting this vulnerability can allow attackers to cause buffer overflows in memory by using malicious XML data in the firehose directory...
Input validation
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send specially crafted XML data via a POST request to cause the web server to become unavailable...
CVE-2018-7833
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send specially crafted XML data via a POST request to cause the web server to become unavailable...
CVE-2018-7833
CVE-2018-7833 affects the embedded web servers in Schneider Electric Modicon M340, Premium, Quantum PLCs and BMXNOR0200. A vulnerability described as an improper check for unusual or exceptional conditions allows an unauthenticated remote attacker to send specially crafted XML data via a POST req...
CVE-2018-7833
An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send specially crafted XML data via a POST request to cause the web server to become unavailable...
XXE
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170...
Moderate severity vulnerability that affects com.adobe.xmp:xmpcore
XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
Moderate severity vulnerability that affects com.adobe.xmp:xmpcore
XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
Remote Code Execution (RCE)
pippo-xstream is vulnerable to remote code execution. The XstreamEngine component does not validate XML data before unmarshalling, which may lead to arbitrary code execution via a command to java.lang.ProcessBuilder when using XML data containing malicious types...
eonline.com XSS vulnerability
Open Bug Bounty ID: OBB-682668

Description| Value
---|---
Affected Website:| eonline.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

slivern.dk XSS vulnerability
Open Bug Bounty ID: OBB-681110

Description| Value
---|---
Affected Website:| slivern.dk
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

XXE
IBM Jazz Foundation IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resource...
Updated xml-security-c packages fix security vulnerability
It was discovered that the Apache XML Security for C++ library performed insufficient validation of KeyInfo hints, which could result in denial of service via NULL pointer dereferences when processing malformed XML data...
Design/Logic Flaw
In Snapdragon Automobile, Mobile, Wear in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429,...
CVE-2018-11267
In Snapdragon Automobile, Mobile, Wear in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429,...
CVE-2018-11267
In Snapdragon Automobile, Mobile, Wear in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429,...