7706 matches found
CVE-2013-1225
Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager 1 HTTP or 2 HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka...
Xxe
Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager 1 HTTP or 2 HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka...
CVE-2013-1225
Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager 1 HTTP or 2 HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka...
CVE-2013-3503
The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External...
CVE-2012-5657
The 1 ZendFeedRss and 2 ZendFeedAtom classes in ZendFeed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service CPU and memory consumption via an XML External...
UBUNTU-CVE-2012-5657
The 1 ZendFeedRss and 2 ZendFeedAtom classes in ZendFeed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service CPU and memory consumption via an XML External...
CVE-2012-5657
The 1 ZendFeedRss and 2 ZendFeedAtom classes in ZendFeed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service CPU and memory consumption via an XML External...
Fedora 18 : mediawiki-1.19.5-1.fc18 (2013-6171)
An internal review discovered that specially crafted Lua function names could lead to XSS. https://bugzilla.wikimedia.org/showbug.cgi?id=46084 Daniel Franke reported that during SVG parsing, MediaWiki failed to prevent XML external entity XXE processing. This could lead to local file disclosure, ...
Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:156)
A vulnerability has been found and corrected in apache-modsecurity : ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with...
Fedora 19 : mediawiki-1.20.4-1.fc19 (2013-5874)
An internal review discovered that specially crafted Lua function names could lead to XSS. https://bugzilla.wikimedia.org/showbug.cgi?id=46084 - Daniel Franke reported that during SVG parsing, MediaWiki failed to prevent XML external entity XXE processing. This could lead to local file...
CVE-2013-1915
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity XXE vulnerability...
DEBIAN-CVE-2013-1915
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity XXE vulnerability...
CVE-2013-1915
CVE-2013-1915 (ModSecurity XXE) : ModSecurity before 2.7.3 is vulnerable to an XML External Entity (XXE) attack via an XML entity declaration and a referenced entity. This can allow remote attackers to read arbitrary files, make HTTP requests to intranet servers, or trigger denial of service (CPU...
MediaWiki 1.19.x < 1.19.5 / 1.20.x < 1.20.4 Multiple Vulnerabilities
According to its version number, the instance of MediaWiki running on the remote host is affected by multiple security vulnerabilities : - A flaw exists because the application fails to validate input passed via Lua function names before returning it to the user. This allows a remote attacker to...
Mandriva Linux Security Advisory : php (MDVSA-2013:114)
Multiple vulnerabilities has been discovered and corrected in php : ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdlcachedir directive and the openbasedir directive, which allows remote attackers to bypass intended access...
Hewlett-Packard Intelligent Management Center RssServlet Information Disclosure Vulnerability
This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of HP Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RssServlet servlet. This servlet suffers from a XML externa...
DSA-2659-1 libapache-mod-security - XML external entity processing vulnerability
Bulletin has no description...
CVE-2012-4710
Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference...
Xxe
Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference...
CVE-2012-4710
Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference...