7706 matches found
CVE-2013-6244
The CVE-2013-6244 issue affects SAP NetWeaver 7.31 and earlier, in the Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP). The root cause is an XML External Entity (XXE) vulnerability where an XML document containing an external entity declaration and an entity ref...
Apache Shindig 2.5.0 XXE Injection
CVE-2013-4295: XXE vulnerability In Apache Shindig 2.5.0 PHP Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Shindig PHP 2.5.0 Description: The gadget renderer in the PHP version of Apache Shindig is subject to an XML External Entity XXE Injection attack. The...
Apache Shindig - XML External Entity Information Disclosure
Apache Shindig - XML External Entity Information Disclosure source: https://www.securityfocus.com/bid/63260/info Apache Shindig is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Apache...
Xxe
Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in conjunction with an entity referenc...
CVE-2013-1881
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
CVE-2013-1881
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
DEBIAN-CVE-2013-1881
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
CVE-2013-1881
GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
PT-2016-35: XML External Entity Injection in Liebert SiteScan
The specialists of the Positive Research center have detected an XML External Entity Injection vulnerability in Liebert SiteScan. Vulnerability in Liebert SiteScan allows attackers to obtain sensitive information via a specially crafted XML request. How to fix Update your software up to the lates...
php: Ability to read arbitrary files due use of external entities while parsing SOAP WSDL files
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue in the soapxmlParseFile and...
Cisco Prime Data Center Network Manager < 6.2(1) Multiple Vulnerabilities (credentialed check)
According to its self-reported version number, the version of Cisco Prime Data Center Network Manager DCNM installed on the remote host is affected by multiple vulnerabilities : - Multiple remote command execution vulnerabilities exist in the DCNM-SAN Server component. CVE-2013-5486 - An...
Cisco Prime Data Center Network Manager < 6.2(1) Multiple Vulnerabilities (uncredentialed check)
According to its self-reported version number, the version of Cisco Prime Data Center Network Manager DCNM installed on the remote host is affected by multiple vulnerabilities : - Multiple remote command execution vulnerabilities exist in the DCNM-SAN Server component. CVE-2013-5486 - An...
CVE-2013-5490
Cisco Prime Data Center Network Manager DCNM before 6.21 allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka Bug ID CSCud80148...
Cisco Releases Security Advisory for Cisco Prime Data Center Network Manager (DCNM)
Cisco has released three security advisories to address multiple vulnerabilities affecting various components of Cisco Prime Data Center Network Manager DCNM. These vulnerabilities may allow an unauthenticated, remote attacker to disclose file components and access text files on an affected devic...
CVE-2013-1824
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue in the soapxmlParseFile and...
CVE-2013-1824
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue in the soapxmlParseFile and...
Moderate: Red Hat Security Advisory: Red Hat Storage Console 2.1 security update
Updated Red Hat Storage Console packages that fix one security issue, various bugs, and add enhancements are now available for Red Hat Storage Server 2.1. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base...
RESTEasy: XML eXternal Entity (XXE) flaw
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...
CVE-2013-1824
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue in the soapxmlParseFile and...
CVE-2013-1824
CVE-2013-1824 affects PHP’s SOAP parser: PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL containing an XML external entity declaration with an entity reference (XXE) in soap_xmlParseFile/soap_xmlParseMemory. The MiracleLinux advisory notes...