823 matches found
CVE-2012-4399
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack...
Debian DSA-2534-1 : postgresql-8.4 - several vulnerabilities
Two vulnerabilities related to XML processing were discovered in PostgreSQL, a SQL database. - CVE-2012-3488: contrib/xml2's xslt_process can be used to read and write external files and URLs. - CVE-2012-3489: xmlparse fetches external files or URLs to resolve DTD and entity references in XML values...
CVE-2012-1891
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE...
Heap overflow
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE...
CVE-2012-1891
CVE-2012-1891 is a heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1/SP2 and Windows Data Access Components (WDAC) 6.0 that allows remote code execution when processing crafted XML data, due to an access of an uninitialized object in memory (the issue commonly referenc...
PT-2012-3629 · Microsoft · Data Access Components +1
Name of the Vulnerable Software and Affected Versions: Microsoft Data Access Components (MDAC) versions 2.8 SP1 through 2.8 SP2; Windows Data Access Components (WDAC) version 6.0. Description: The issue allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an...
Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
The FishEye and Crucible plugins for JIRA are prone to an unspecified security vulnerability because they fail to properly handle crafted XML data. Exploiting this issue allows remote attackers to cause denial-of-service conditions or to disclose local sensitive files in the context of an affect...
CVE-2012-0841
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data...
DSA-2417-1 libxml2 - denial of service
Bulletin has no description...
libxml2: hash table collisions CPU usage DoS
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data...
CVE-2011-4107
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection...
Debian: Security Advisory (DSA-2248-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
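Apple Safari 'libxml' Remote Code Execution Vulnerability
Bugtraq ID: 48832 CVE ID: CVE-2011-0216 Apple Safari is a popular web browser. The libxml used by Apple Safari has a one-byte heap buffer overflow when processing XML data; viewing a specially crafted website can cause the application to crash or possibly execute arbitrary code in the context of the application. Apple Safari 4.1.2 for Windows Apple Safari 4.0.5 for Windows Apple Safari 4.0.5 Apple Safari 4.0.4 for Windows Apple Safari 4.0.4 Apple Safari 4.0.3 f...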
Debian DSA-2250-1 : citadel - denial of service
Wouter Coekaerts discovered that the Jabber server component of Citadel, a complete and feature-rich groupware server, is vulnerable to the so-called 'billion laughs' attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks...
Citadel Jabber server / Jabberd / ejabberd DoS
DoS on XML data parsing...
[SECURITY] [DSA 2250-1] citadel security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2250-1 [email protected] http://www.debian.org/security/ Nico Golde March 31, 2011 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2249-1] jabberd14 security update
Debian Security Advisory DSA-2249-1 [email protected] http://www.debian.org/security/ Nico Golde March 31, 2011 http://www.debian.org/security/faq -...
DSA-2249-1 jabberd14 - denial of service
Bulletin has no description...