Lucene search
K

53 matches found

Cvelist
Cvelist
added 2015/05/08 2:0 p.m.24 views

CVE-2015-2347

Cross-site scripting XSS vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req parameter to flexdata.action in 1 common/, 2 monitor/, or 3 psnpm/ or the 4 module XML element in the r...

5.9AI score0.01352EPSS
Exploits2References4
NVD
NVD
added 2013/12/14 5:21 p.m.20 views

CVE-2013-7103

McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a 1 TestFile XML element or the 2 hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands...

9CVSS7.1AI score0.04316EPSS
Exploits1References5
Prion
Prion
added 2013/12/14 5:21 p.m.21 views

Command injection

McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a 1 Command or 2 Script XML element. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands...

9CVSS7.5AI score0.04316EPSS
Exploits4References5Affected Software1
NVD
NVD
added 2013/01/03 1:55 a.m.24 views

CVE-2012-2379

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

10CVSS6.4AI score0.04112EPSS
Exploits1References24
Prion
Prion
added 2013/01/03 1:55 a.m.20 views

Code injection

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

10CVSS7AI score0.04112EPSS
Exploits1References24Affected Software1
Cvelist
Cvelist
added 2013/01/03 1:0 a.m.37 views

CVE-2012-2379

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

5.6AI score0.04112EPSS
Exploits1References24
CVE
CVE
added 2013/01/03 1:0 a.m.136 views

CVE-2012-2379

CVE-2012-2379 is tied to Apache CXF in the 2.4.x/2.5.x/2.6.x lines where a Supporting Token with a child WS-SecurityPolicy 1.1/1.2 policy may fail to ensure an XML element is signed or encrypted. The F5 advisory repository lists this CVE among multiple CXF/JBoss issues, reiterating the same under...

10CVSS5.8AI score0.04112EPSS
Exploits1References24Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2012/06/28 12:0 a.m.32 views

Apple Quicktime TeXML Style Element Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X...

7.5CVSS5.1AI score0.28623EPSS
Exploits9
Cvelist
Cvelist
added 2008/07/14 6:0 p.m.23 views

CVE-2008-2304

Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreImage Examples in Xcode tools before 3.1 allows user-assisted attackers to execute arbitrary code or cause a denial of service application crash via a .funhouse file with a string XML element that contains many characters...

7.7AI score0.05676EPSS
Exploits1References10
Prion
Prion
added 2007/09/24 12:17 a.m.22 views

Design/Logic Flaw

Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link QTL file with an embed XML element and a qtnext parameter containing the...

9.3CVSS8.6AI score0.29355EPSS
Exploits4References10Affected Software2
Cvelist
Cvelist
added 2005/04/26 4:0 a.m.21 views

CVE-2004-1078

Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element...

8.1AI score0.03765EPSS
Exploits0References3
OSV
OSV
added 2004/12/31 5:0 a.m.4 views

DEBIAN-CVE-2004-2160

Format string vulnerability in xmlelem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code...

6.4CVSS7.5AI score0.01695EPSS
Exploits0References1
NVD
NVD
added 2004/04/26 4:0 a.m.15 views

CVE-2004-1078

Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element...

7.5CVSS8.1AI score0.03765EPSS
Exploits0References3
Rows per page
Query Builder