7706 matches found
CVE-2013-2796
Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an...
CVE-2013-2796
This entry (CVE-2013-2796) describes an XML External Entity (XXE) vulnerability in Schneider Electric products: Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier. The underlying issue is improper restriction of XML entities, allowing a remote attac...
Sybase EAServer <= 6.3.1 Multiple Security Vulnerabilities - Active Check
Sybase EAServer is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Ubuntu Update for libxml2 USN-1904-2
Check for the Version of libxml2 OpenVAS Vulnerability Test $Id: gbubuntuUSN19042.nasl 8672 2018-02-05 16:39:18Z teissa $ Ubuntu Update for libxml2 USN-1904-2 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...
SEC Consult SA-20130625-0 :: Multiple vulnerabilities in IceWarp Mail Server
SEC Consult Vulnerability Lab Security Advisory 20130625-0 ======================================================================= title: Multiple vulnerabilities in IceWarp Mail Server product: IceWarp Mail Server vulnerable version: =10.4.5 fixed version: 10.4.5-1 impact: Critical homepage:...
Atlassian Crowd XXE Vulnerability (CWD-3366) - Active Check
Atlassian Crowd is prone to an XML external entity XXE vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Ubuntu 12.04 LTS : raptor2 vulnerability (USN-1901-1)
Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user's system or potentially...
Atlassian Crowd Xml eXternal Entity (XXE) Injection Vulnerability
This host is running Atlassian Crowd and is prone to xml external entity injection vulnerability. OpenVAS Vulnerability Test $Id: gbatlassiancrowdxxeinjvuln.nasl 5842 2017-04-03 13:15:19Z cfi $ Atlassian Crowd Xml eXternal Entity XXE Injection Vulnerability Authors: Thanga Prakash S Copyright:...
CVE-2013-2202
WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
USN-1901-1: Raptor vulnerability
Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user's system or potentially...
Atlassian Crowd XML External Entity Request Handling Arbitrary File Disclosure
The version of Atlassian Crowd installed on the remote host is affected by an XML External Entity XXE vulnerability. This vulnerability could allow a remote, unauthenticated attacker to retrieve arbitrary files from the remote host by sending a specially crafted HTTP request with a Document Type...
ModSecurity < 2.7.3 XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
According to its banner, the version of ModSecurity installed on the remote host is earlier than 2.7.3. It is, therefore, potentially affected by a file disclosure vulnerability. An improperly configured XML parser could allow untrusted XML entities from external sources to be accepted, thus...
CVE-2013-3925
Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to 1 /services/2 or 2 services/latest with a DTD containing an XML external entity declaration in conjunction with an...
Xxe
Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to 1 /services/2 or 2 services/latest with a DTD containing an XML external entity declaration in conjunction with an...
CVE-2013-3925
Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to 1 /services/2 or 2 services/latest with a DTD containing an XML external entity declaration in conjunction with an...
CVE-2013-3925
CVE-2013-3925 affects Atlassian Crowd prior to version 2.5.4, 2.6.x prior to 2.6.3, as well as 2.3.8 and 2.4.9. The flaw is an XML External Entity (XXE) vulnerability that enables remote attackers to read arbitrary files and cause requests to intranet servers by crafting a request to /services/2 ...
PT-2013-4747 · Atlassian · Crowd
Name of the Vulnerable Software and Affected Versions: Atlassian Crowd versions 2.3.8 Atlassian Crowd versions 2.4.9 Atlassian Crowd versions 2.5.x through 2.5.3 Atlassian Crowd versions 2.6.x through 2.6.2 Description: The issue allows remote attackers to read arbitrary files and send HTTP...
PT-2013-59: XML External Entities Injection in Huawei M2000
The specialists of the Positive Research center have detected an XML External Entities Injection vulnerability in Huawei M2000. An XML document may contain a Document Type Definition that, among other features, allows the definition of external entities. A malicious user may perform attacks aimed...
WordPress < 3.5.2 Multiple Vulnerabilities
Binary data 6883.prm...
SAP SMB Relay Abuse
This module exploits provides several SMB Relay abuse through different SAP services and functions. The attack is done through specially crafted requests including a UNC Path which will be accessing by the SAP system while trying to process the request. In order to get the hashes the...