Lucene search
+L

7706 matches found

NVD
NVD
added 2013/05/09 12:31 p.m.28 views

CVE-2013-1225

Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager 1 HTTP or 2 HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka...

7.8CVSS6.7AI score0.01595EPSS
Exploits0References1
Prion
Prion
added 2013/05/09 12:31 p.m.29 views

Xxe

Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager 1 HTTP or 2 HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka...

7.8CVSS7.2AI score0.01595EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2013/05/09 10:0 a.m.26 views

CVE-2013-1225

Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager 1 HTTP or 2 HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka...

6.7AI score0.01595EPSS
Exploits0References1
Cvelist
Cvelist
added 2013/05/08 10:0 a.m.23 views

CVE-2013-3503

The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External...

6.3AI score0.01177EPSS
Exploits0References3
NVD
NVD
added 2013/05/02 2:55 p.m.25 views

CVE-2012-5657

The 1 ZendFeedRss and 2 ZendFeedAtom classes in ZendFeed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service CPU and memory consumption via an XML External...

5CVSS9.3AI score0.01705EPSS
Exploits0References6
OSV
OSV
added 2013/05/02 2:55 p.m.5 views

UBUNTU-CVE-2012-5657

The 1 ZendFeedRss and 2 ZendFeedAtom classes in ZendFeed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service CPU and memory consumption via an XML External...

5CVSS7.5AI score0.01705EPSS
Exploits0References6
Cvelist
Cvelist
added 2013/05/02 2:0 p.m.165 views

CVE-2012-5657

The 1 ZendFeedRss and 2 ZendFeedAtom classes in ZendFeed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service CPU and memory consumption via an XML External...

9.3AI score0.01705EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2013/04/30 12:0 a.m.25 views

Fedora 18 : mediawiki-1.19.5-1.fc18 (2013-6171)

An internal review discovered that specially crafted Lua function names could lead to XSS. https://bugzilla.wikimedia.org/showbug.cgi?id=46084 Daniel Franke reported that during SVG parsing, MediaWiki failed to prevent XML external entity XXE processing. This could lead to local file disclosure, ...

6.1CVSS6.5AI score0.01639EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2013/04/30 12:0 a.m.44 views

Mandriva Linux Security Advisory : apache-mod_security (MDVSA-2013:156)

A vulnerability has been found and corrected in apache-modsecurity : ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with...

7.5CVSS5.2AI score0.04208EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2013/04/26 12:0 a.m.24 views

Fedora 19 : mediawiki-1.20.4-1.fc19 (2013-5874)

An internal review discovered that specially crafted Lua function names could lead to XSS. https://bugzilla.wikimedia.org/showbug.cgi?id=46084 - Daniel Franke reported that during SVG parsing, MediaWiki failed to prevent XML external entity XXE processing. This could lead to local file...

5.8AI score
Exploits0References5
OSV
OSV
added 2013/04/25 11:55 p.m.7 views

CVE-2013-1915

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity XXE vulnerability...

6.6AI score
Exploits0References23
OSV
OSV
added 2013/04/25 11:55 p.m.2 views

DEBIAN-CVE-2013-1915

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity XXE vulnerability...

7.5CVSS7AI score0.04208EPSS
Exploits1References1
CVE
CVE
added 2013/04/25 11:0 p.m.94 views

CVE-2013-1915

CVE-2013-1915 (ModSecurity XXE) : ModSecurity before 2.7.3 is vulnerable to an XML External Entity (XXE) attack via an XML entity declaration and a referenced entity. This can allow remote attackers to read arbitrary files, make HTTP requests to intranet servers, or trigger denial of service (CPU...

7.5CVSS6.7AI score0.04208EPSS
Exploits1References15Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/04/24 12:0 a.m.23 views

MediaWiki 1.19.x < 1.19.5 / 1.20.x < 1.20.4 Multiple Vulnerabilities

According to its version number, the instance of MediaWiki running on the remote host is affected by multiple security vulnerabilities : - A flaw exists because the application fails to validate input passed via Lua function names before returning it to the user. This allows a remote attacker to...

6.1CVSS6.4AI score0.01639EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2013/04/20 12:0 a.m.35 views

Mandriva Linux Security Advisory : php (MDVSA-2013:114)

Multiple vulnerabilities has been discovered and corrected in php : ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdlcachedir directive and the openbasedir directive, which allows remote attackers to bypass intended access...

7.5CVSS8.5AI score0.10136EPSS
Exploits0References5
Zero Day Initiative
Zero Day Initiative
added 2013/04/09 12:0 a.m.27 views

Hewlett-Packard Intelligent Management Center RssServlet Information Disclosure Vulnerability

This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of HP Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RssServlet servlet. This servlet suffers from a XML externa...

9.4CVSS3.9AI score0.02987EPSS
Exploits0References1
OSV
OSV
added 2013/04/09 12:0 a.m.35 views

DSA-2659-1 libapache-mod-security - XML external entity processing vulnerability

Bulletin has no description...

7.5CVSS6AI score0.04208EPSS
Exploits1
NVD
NVD
added 2013/04/04 4:55 p.m.19 views

CVE-2012-4710

Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference...

9.3CVSS6.9AI score0.02078EPSS
Exploits0References1
Prion
Prion
added 2013/04/04 4:55 p.m.14 views

Xxe

Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference...

9.3CVSS7.4AI score0.02078EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2013/04/04 4:0 p.m.23 views

CVE-2012-4710

Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML external entity declaration in conjunction with an entity reference...

6.9AI score0.02078EPSS
Exploits0References1
Rows per page
Query Builder