823 matches found
Xxe
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External...
Xxe
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity...
MGASA-2014-0433 Updated zabbix package fixes security vulnerability
It was reported that the Zabbix frontend supported an XML data import feature, where on the server it used DOMDocument to parse the XML. By default, DOMDocument also parses the external DTD, which could allow a remote attacker to use a crafted XML file causing Zabbix to read an arbitrary local...
phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution (2)
No description provided by source. !/usr/bin/perl phpRPC =0.7 Remote Command Execution Exploit based on: http://www.gulftech.org/?node=research&articleid=00105-02262006 Copyright c 2006 cijfer cijfer@netti!fi All rights reserved. never ctrl+c again. cijfer$ http://target.com/dir host changed to...
Ametys CMS 3.5.2 - (lang parameter) XPath Injection Vulnerability
No description provided by source. Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor: Anyware Services Product web page: http://www.ametys.org Download: http://www.ametys.org/en/download/ametys-cms.html Affected version: 3.5.2 and 3.5.1 Summary: Ametys is a Java-based open sour...
Castor Library - XML External Entity Information Disclosure
Castor Library - XML External Entity Information Disclosure source: https://www.securityfocus.com/bid/67676/info Castor Library is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. Caster...
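MobileIron VSP/Sentry 'j_username' Parameter XPath Injection Vulnerability
Bugtraq ID: 66595 CVE ID: CVE-2014-1409 MobileIron is a virtual smart-device platform that includes components such as VSP and Sentry. The MobileIron VSP/Sentry management interface has an authentication bypass vulnerability: the script at https://target/mics/jspringsecuritycheck does not properly filter the 'j_username' parameter, allowing unauthenticated attackers to carry out XPath injection attacks and obtain XML document data such as configuration files. MobileIron VSP 5.9.1 MobileIron Sentry 5.0 MobileIron VSP 5.9.1 and MobileIron Sentry...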
Symantec Endpoint Protection Manager XXE and SQL Injection Vulnerabilities
Added: 02/24/2014 CVE: CVE-2013-5014 BID: 65466 OSVDB: 103306 Background Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager (SEPM). The SEPM...
Xxe
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external enti...
[SECURITY] Fedora 19 Update: perl-MARC-XML-1.0.2-1.fc19
MARC-XML is an extension to the MARC-Record distribution for working with XML data encoded using the MARC21slim XML schema from the Library of Congress. For more details see: http://www.loc.gov/standards/marcxml/...
[SECURITY] Fedora 20 Update: perl-MARC-XML-1.0.2-1.fc20
MARC-XML is an extension to the MARC-Record distribution for working with XML data encoded using the MARC21slim XML schema from the Library of Congress. For more details see: http://www.loc.gov/standards/marcxml/...
Fat Free CRM Gem for Ruby allows remote attackers to obtain sensitive information
Fat Free CRM contains a flaw that is triggered when the attacker sends a direct request for XML data. This may allow a remote attacker to gain access to potentially sensitive information...
CVE-2012-6612
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different...
Ametys CMS 3.5.2 XPath Injection Vulnerability
Ametys CMS version 3.5.2 suffers from an XPath injection vulnerability. Input passed via the 'lang' POST parameter in the newsletter plugin is not properly sanitized before being used to construct an XPath query for XML data. Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor:...
Ametys CMS 3.5.2 - lang XPath Injection
Ametys CMS 3.5.2 - lang XPath Injection Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor: Anyware Services Product web page: http://www.ametys.org Download: http://www.ametys.org/en/download/ametys-cms.html Affected version: 3.5.2 and 3.5.1 Summary: Ametys is a Java-based open...
Ametys CMS 3.5.2 XPath Injection
Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor: Anyware Services Product web page: http://www.ametys.org Affected version: 3.5.2 and 3.5.1 Summary: Ametys is a Java-based open source CMS combining rich content with an easy-to-use and intuitive interface. Desc: Input passed v...
Ametys CMS 3.5.2 - 'lang' XPath Injection
Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor: Anyware Services Product web page: http://www.ametys.org Download: http://www.ametys.org/en/download/ametys-cms.html Affected version: 3.5.2 and 3.5.1 Summary: Ametys is a Java-based open source CMS combining rich content with ...
HP Onboard Administrator Detection
HP Onboard Administrator was found. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid70140; scriptversion"1.3"; scriptcvsdate"Date: 2019/11/25"; scriptnameenglish:"HP Onboard Administrator Detection"; scriptsummaryenglish:"Check XML data response.";...
Debian Security Advisory DSA 2534-1 (postgresql-8.4 - several vulnerabilities)
Two vulnerabilities related to XML processing were discovered in PostgreSQL, an SQL database. CVE-2012-3488: contrib/xml2's xslt_process() can be used to read and write external files and URLs. CVE-2012-3489: xml_parse() fetches external files or URLs to resolve DTD and entity references in XML values. Thi...