Lucene search
+L

7711 matches found

OSV
OSV
added 2013/12/07 8:55 p.m.7 views

CVE-2013-6397

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. dot dot or full pathname in the tr parameter to solr/select/, when the response writer wt parameter is set to XSLT. NOTE: this can be leveraged using a separa...

4.3CVSS6.4AI score0.56255EPSS
Exploits1References9
OSV
OSV
added 2013/12/07 8:55 p.m.9 views

CVE-2013-6407

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

6.5AI score
Exploits0References7
UbuntuCve
UbuntuCve
added 2013/12/07 8:55 p.m.27 views

CVE-2013-6408

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...

6.4CVSS5.8AI score0.114EPSS
Exploits0References3
Prion
Prion
added 2013/12/07 8:55 p.m.26 views

Xxe

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

6.4CVSS6.8AI score0.114EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2013/12/07 8:55 p.m.20 views

Xxe

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...

6.4CVSS6.8AI score0.114EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2013/12/07 8:55 p.m.29 views

Directory traversal

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. dot dot or full pathname in the tr parameter to solr/select/, when the response writer wt parameter is set to XSLT. NOTE: this can be leveraged using a separa...

4.3CVSS7AI score0.56255EPSS
Exploits1References9Affected Software1
OSV
OSV
added 2013/12/07 8:55 p.m.5 views

UBUNTU-CVE-2013-6397

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. dot dot or full pathname in the tr parameter to solr/select/, when the response writer wt parameter is set to XSLT. NOTE: this can be leveraged using a separa...

4.3CVSS6AI score0.56255EPSS
Exploits1References4
OSV
OSV
added 2013/12/07 8:55 p.m.7 views

UBUNTU-CVE-2013-6407

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

6.4CVSS5.7AI score0.114EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2013/12/07 8:0 p.m.75 views

CVE-2013-6408

The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...

6.4CVSS6.5AI score0.114EPSS
Exploits0
Cvelist
Cvelist
added 2013/12/07 8:0 p.m.34 views

CVE-2013-6397

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. dot dot or full pathname in the tr parameter to solr/select/, when the response writer wt parameter is set to XSLT. NOTE: this can be leveraged using a separa...

6.3AI score0.56255EPSS
Exploits1References9
Cvelist
Cvelist
added 2013/12/07 8:0 p.m.42 views

CVE-2013-6407

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

6.5AI score0.114EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2013/11/20 4:38 p.m.7 views

php: Ability to read arbitrary files due use of external entities while parsing SOAP WSDL files

The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue in the soapxmlParseFile and...

5CVSS7.4AI score0.10136EPSS
Exploits0References4
NVD
NVD
added 2013/11/20 2:12 p.m.22 views

CVE-2013-6822

GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity XXE issue...

10CVSS7AI score0.02182EPSS
Exploits0References2
NVD
NVD
added 2013/11/20 2:12 p.m.20 views

CVE-2013-6815

The SHSTIUPLOADXML function in the Application Server for ABAP AS ABAP in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity XXE issue...

5CVSS6.7AI score0.0169EPSS
Exploits0References4
Prion
Prion
added 2013/11/20 2:12 p.m.21 views

Xxe

GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity XXE issue...

10CVSS7.6AI score0.02182EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/11/19 7:0 p.m.24 views

CVE-2013-6815

The SHSTIUPLOADXML function in the Application Server for ABAP AS ABAP in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity XXE issue...

6.7AI score0.0169EPSS
Exploits0References4
Cvelist
Cvelist
added 2013/11/19 7:0 p.m.25 views

CVE-2013-6822

GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity XXE issue...

7AI score0.02182EPSS
Exploits0References2
NVD
NVD
added 2013/11/18 3:55 a.m.13 views

CVE-2013-4034

IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related ...

4CVSS6.1AI score0.05555EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/11/16 2:0 a.m.20 views

CVE-2013-4034

IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related ...

6.1AI score0.05555EPSS
Exploits0References2
CERT
CERT
added 2013/10/30 12:0 a.m.40 views

Openbravo ERP contains an information disclosure vulnerability

Overview Openbravo ERP 2.5, 3, and possibly earlier versions contain an information disclosure vulnerability CWE-200. Description CWE-200: Information Exposure Openbravo ERP version 2.5 and version 3 contain an information disclosure vulnerability. This is due to the expanded use of XML External...

3.5CVSS5.9AI score0.21074EPSS
Exploits3References6
Rows per page
Query Builder