53 matches found
CVE-2015-2347
Cross-site scripting XSS vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req parameter to flexdata.action in 1 common/, 2 monitor/, or 3 psnpm/ or the 4 module XML element in the r...
CVE-2013-7103
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a 1 TestFile XML element or the 2 hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands...
Command injection
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a 1 Command or 2 Script XML element. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands...
CVE-2012-2379
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
Code injection
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
CVE-2012-2379
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
CVE-2012-2379
CVE-2012-2379 is tied to Apache CXF in the 2.4.x/2.5.x/2.6.x lines where a Supporting Token with a child WS-SecurityPolicy 1.1/1.2 policy may fail to ensure an XML element is signed or encrypted. The F5 advisory repository lists this CVE among multiple CXF/JBoss issues, reiterating the same under...
Apple Quicktime TeXML Style Element Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X...
CVE-2008-2304
Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreImage Examples in Xcode tools before 3.1 allows user-assisted attackers to execute arbitrary code or cause a denial of service application crash via a .funhouse file with a string XML element that contains many characters...
Design/Logic Flaw
Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link QTL file with an embed XML element and a qtnext parameter containing the...
CVE-2004-1078
Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element...
DEBIAN-CVE-2004-2160
Format string vulnerability in xmlelem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code...
CVE-2004-1078
Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element...