7706 matches found
CVE-2012-4710
CVE-2012-4710 affects Invensys Wonderware Win-XML Exporter (version 1522.148.0.0 cited). The issue is an XML External Entity (XXE) vulnerability: parsing XML with an unsafe DTD/entity declaration allows a local/remote resource disclosure, outbound HTTP requests, or a denial of service (CPU/memory...
CVE-2013-1665
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...
CVE-2013-1665
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...
Xxe
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...
bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...
Ubuntu Update for php5 USN-1761-1
Check for the Version of php5 OpenVAS Vulnerability Test $Id: gbubuntuUSN17611.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for php5 USN-1761-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...
CVE-2013-1643
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue in the soapxmlParseFile and...
bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service resource consumption and crash via an XML...
Cisco MARS Information Disclosure Vulnerability
A vulnerability in the configuration of the XML parser of the Cisco Security Monitoring, Analysis and Response System MARS could allow an unauthenticated, remote attacker to have "read" access to part of information stored in the affected system. The vulnerability is due to improper handling of X...
php5 -- Multiple vulnerabilities
The PHP development team reports: PHP does not validate the relationship between the soap.wsdlcachedir directive and the openbasedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. The...
PT-2013-22: XML External Entity Injection in Trustwave ModSecurity
Positive Research Center experts have discovered "XML External Entity Injection" vulnerability in Trustwave ModSecurity. If an attacker sends specially crafted request containing malformed XML to server with ModSecurity, the server will automatically send the contents of local or remote resources...
PT-2013-21: XML External Entities Injection in Oracle Database
The specialists of the Positive Research center have detected an XML External Entities Injection vulnerability in Oracle Database. If an attacker sends specially crafted SQL query containing malformed XML to Oracle Database server, the server will automatically send the contents of remote resourc...
CVE-2013-1665
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...
CVE-2012-3363
ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...
UBUNTU-CVE-2012-6531
1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...
UBUNTU-CVE-2012-3363
ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...
CVE-2012-3363
ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...
PT-2013-14: XML External Entities Injection in PHP
The specialists of Positive Technologies have detected an "XXE" vulnerability in PHP. The vulnerability was detected in the PHP's built-in SoapClient and SoapServer classes. PHP allows the use of external entities while parsing SOAP wsdl files which allows an attacker to read arbitrary files. If ...
PT-2013-15: XML External Entities Injection in vBulletin 5 Connect
The specialists of the Positive Research center have detected an XML External Entities Injection vulnerability in vBulletin 5 Connect. The vulnerability was detected in "appendersocketserver.php" of the Apache log4php library used by vBulletin. PHP's built-in SoapClient class allows the use of...
PT-2013-11: XML External Entities Injection in Oracle Siebel CRM
The specialists of the Positive Research center have detected an XML External Entities Injection vulnerability in Oracle Siebel CRM. The vulnerability is possible during import of XML files in CRM Siebel. An attacker is able to read an arbitrary file on the target system. How to fix Update your...