Lucene search
+L

7706 matches found

CVE
CVE
added 2013/04/04 4:0 p.m.45 views

CVE-2012-4710

CVE-2012-4710 affects Invensys Wonderware Win-XML Exporter (version 1522.148.0.0 cited). The issue is an XML External Entity (XXE) vulnerability: parsing XML with an unsafe DTD/entity declaration allows a local/remote resource disclosure, outbound HTTP requests, or a denial of service (CPU/memory...

9.3CVSS7.1AI score0.02078EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2013/04/03 12:55 a.m.26 views

CVE-2013-1665

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...

5CVSS9.4AI score0.04593EPSS
Exploits0References11
OSV
OSV
added 2013/04/03 12:55 a.m.10 views

CVE-2013-1665

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...

6.6AI score
Exploits0References11
Prion
Prion
added 2013/04/03 12:55 a.m.18 views

Xxe

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...

5CVSS7.2AI score0.04593EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2013/03/21 6:8 p.m.4 views

bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...

5CVSS7.4AI score0.04593EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2013/03/15 12:0 a.m.45 views

Ubuntu Update for php5 USN-1761-1

Check for the Version of php5 OpenVAS Vulnerability Test $Id: gbubuntuUSN17611.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for php5 USN-1761-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...

5CVSS7.9AI score0.10136EPSS
Exploits0References2
NVD
NVD
added 2013/03/06 1:10 p.m.28 views

CVE-2013-1643

The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue in the soapxmlParseFile and...

5CVSS6.7AI score0.10136EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2013/03/05 8:56 p.m.13 views

bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service resource consumption and crash via an XML...

5CVSS7.4AI score0.04863EPSS
Exploits1References4
Cisco
Cisco
added 2013/03/04 9:24 p.m.17 views

Cisco MARS Information Disclosure Vulnerability

A vulnerability in the configuration of the XML parser of the Cisco Security Monitoring, Analysis and Response System MARS could allow an unauthenticated, remote attacker to have "read" access to part of information stored in the affected system. The vulnerability is due to improper handling of X...

4.3CVSS1AI score0.01161EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2013/03/04 12:0 a.m.34 views

php5 -- Multiple vulnerabilities

The PHP development team reports: PHP does not validate the relationship between the soap.wsdlcachedir directive and the openbasedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. The...

6.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2013/02/27 12:0 a.m.6 views

PT-2013-22: XML External Entity Injection in Trustwave ModSecurity

Positive Research Center experts have discovered "XML External Entity Injection" vulnerability in Trustwave ModSecurity. If an attacker sends specially crafted request containing malformed XML to server with ModSecurity, the server will automatically send the contents of local or remote resources...

10CVSS7.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2013/02/26 12:0 a.m.11 views

PT-2013-21: XML External Entities Injection in Oracle Database

The specialists of the Positive Research center have detected an XML External Entities Injection vulnerability in Oracle Database. If an attacker sends specially crafted SQL query containing malformed XML to Oracle Database server, the server will automatically send the contents of remote resourc...

6.4CVSS7.3AI score0.02463EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2013/02/19 12:0 a.m.40 views

CVE-2013-1665

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...

5CVSS7.2AI score0.04593EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2013/02/13 5:55 p.m.27 views

CVE-2012-3363

ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...

9.1CVSS7.3AI score0.50248EPSS
Exploits1References3
OSV
OSV
added 2013/02/13 5:55 p.m.2 views

UBUNTU-CVE-2012-6531

1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...

6.4CVSS7.5AI score0.02519EPSS
Exploits0References8
OSV
OSV
added 2013/02/13 5:55 p.m.6 views

UBUNTU-CVE-2012-3363

ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...

9.1CVSS5.9AI score0.50248EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2013/02/13 5:0 p.m.7 views

CVE-2012-3363

ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...

7.2AI score0.50248EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2013/02/07 12:0 a.m.11 views

PT-2013-14: XML External Entities Injection in PHP

The specialists of Positive Technologies have detected an "XXE" vulnerability in PHP. The vulnerability was detected in the PHP's built-in SoapClient and SoapServer classes. PHP allows the use of external entities while parsing SOAP wsdl files which allows an attacker to read arbitrary files. If ...

5CVSS8.4AI score0.10136EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2013/02/07 12:0 a.m.9 views

PT-2013-15: XML External Entities Injection in vBulletin 5 Connect

The specialists of the Positive Research center have detected an XML External Entities Injection vulnerability in vBulletin 5 Connect. The vulnerability was detected in "appendersocketserver.php" of the Apache log4php library used by vBulletin. PHP's built-in SoapClient class allows the use of...

6.4CVSS7.6AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2013/02/05 12:0 a.m.14 views

PT-2013-11: XML External Entities Injection in Oracle Siebel CRM

The specialists of the Positive Research center have detected an XML External Entities Injection vulnerability in Oracle Siebel CRM. The vulnerability is possible during import of XML files in CRM Siebel. An attacker is able to read an arbitrary file on the target system. How to fix Update your...

5CVSS6.6AI score0.01234EPSS
Exploits0References4
Rows per page
Query Builder