Lucene search
K

88 matches found

CVE
CVE
added 2023/10/09 10:20 a.m.62 views

CVE-2023-45612

CVE-2023-45612 affects JetBrains Ktor with the ContentNegotiation XML format enabled in versions before 2.3.5. The root cause is an insecure default XML configuration that allows external entity processing, enabling XXE. Exploitation can lead to file disclosure (e.g., reading server files) and SS...

9.8CVSS9.4AI score0.00595EPSS
Exploits6References1Affected Software1
RedHat Linux
RedHat Linux
added 2023/06/14 8:54 a.m.4 views

dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML

A flaw was found in dotnet. This issue can allow bypass restrictions when deserializing a DataSet or DataTable from XML...

7.5CVSS5.7AI score0.01558EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/10/07 7:20 a.m.29 views

xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service

xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service SIGSEGV at xmlquery.Node.InnerText or possibly have unspecified other impact...

9.8CVSS9.2AI score0.01936EPSS
Exploits1References6Affected Software1
CNVD
CNVD
added 2021/03/19 12:0 a.m.4 views

Apache Solr Arbitrary File Read Vulnerability

Apache Solr is an independent enterprise-class search application server , it provides similar to the external Web-service API interface . Users can request via http, to the search engine server to submit a certain format of the XML file , to generate the index ; can also be operated through the...

7.2AI score
Exploits0
OSV
OSV
added 2021/01/15 9:15 p.m.25 views

CVE-2021-21250

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpec is provided in XML format, the spec is processed by XmlBuildSpecMigrator.migratebuildSpecString; which processes the XML document withou...

6.5CVSS6.7AI score
Exploits0References2
Fedora
Fedora
added 2021/01/08 2:52 a.m.49 views

[SECURITY] Fedora 32 Update: dia-0.97.3-16.fc32

The Dia drawing program can be used to draw different types of diagrams, and includes support for UML static structure diagrams class diagrams, entity relationship modeling, and network diagrams. Dia can load and save diagrams to a custom file format, can load and save in .xml format, and can...

5.5CVSS1.2AI score0.0037EPSS
Exploits0
OSV
OSV
added 2020/09/16 3:15 p.m.2 views

DEBIAN-CVE-2020-25614

xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service SIGSEGV at xmlquery.Node.InnerText or possibly have unspecified other impact...

9.8CVSS8.7AI score0.01936EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2020/09/16 3:15 p.m.17 views

CVE-2020-25614

xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service SIGSEGV at xmlquery.Node.InnerText or possibly have unspecified other impact...

9.8CVSS7.2AI score0.01936EPSS
Exploits1References4
OSV
OSV
added 2020/09/16 3:15 p.m.3 views

UBUNTU-CVE-2020-25614

xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service SIGSEGV at xmlquery.Node.InnerText or possibly have unspecified other impact...

9.8CVSS5.8AI score0.01936EPSS
Exploits1References5
GitLab Advisory Database
GitLab Advisory Database
added 2020/09/16 12:0 a.m.52 views

Improper Input Validation

xmlquery lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service SIGSEGV at xmlquery.Node.InnerText or possibly have unspecified other impact...

9.8CVSS6.4AI score0.01936EPSS
Exploits1References1Affected Software1
Openbugbounty
Openbugbounty
added 2020/09/12 10:13 a.m.10 views

apotheke-thiede.de Cross Site Scripting vulnerability OBB-1329126

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

0.6AI score
Exploits0
Prion
Prion
added 2020/06/03 1:15 p.m.22 views

Format string

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format...

4CVSS4.5AI score0.00647EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/06/03 12:40 p.m.30 views

CVE-2020-2197

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format...

4.5AI score0.00647EPSS
Exploits0References2
Fedora
Fedora
added 2019/09/14 1:54 a.m.28 views

[SECURITY] Fedora 29 Update: sphinx-2.2.11-12.fc29

Sphinx is a full-text search engine, distributed under GPL version 2. Commercial licensing e.g. for embedded use is also available upon request. Generally, it's a standalone search engine, meant to provide fast, size-efficient and relevant full-text search functions to other applications. Sphinx...

7.5CVSS0.4AI score0.02042EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2019/08/20 12:0 a.m.4 views

The vulnerability of the XStream Java library for converting objects to XML or JSON format allows attackers to execute arbitrary commands due to the recovery of unreliable data from memory.

The vulnerability of the XStream library for converting objects to XML or JSON format is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by interfering with the processing of XML objects or other support...

10CVSS8.1AI score0.94774EPSS
Exploits4References8Affected Software29
NVD
NVD
added 2019/06/15 7:29 p.m.23 views

CVE-2019-12835

formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xmlmemorywriter::write via characters that require escaping...

9.8CVSS9.6AI score0.01583EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2019/05/13 12:0 a.m.15 views

FHIR (Fast Healthcare Interoperability Resources) over HTTP detection in XML format

Binary data 700663.prm...

7.3AI score
Exploits0References1
The Hacker News
The Hacker News
added 2019/04/17 7:26 p.m.69 views

Researcher Hijacks a Microsoft Service Using Loophole in Azure Cloud Platform

A cybersecurity professional today demonstrated a long-known unpatched weakness in Microsoft's Azure cloud service by exploiting it to take control over Windows Live Tiles, one of the key features Microsoft built into Windows 8 operating system. Introduced in Windows 8, the Live tiles feature was...

0.8AI score
Exploits0
Hacker One
Hacker One
added 2019/04/08 10:38 a.m.35 views

Starbucks: SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database

As described in the Hacker Summary, @spaceraccoon discovered a SQL Injection vulnerability in a web service backed by Microsoft Dynamics AX. @spaceraccoon demonstrated that the flaw was exploitable via XML-formatted HTTP payload requests to the server. We appreciate @spaceraccoon's clear and...

Exploits0
Packet Storm
Packet Storm
added 2019/02/14 12:0 a.m.203 views

Slims CMS Senayan Library Management System 7.0 Shell Upload

Exploit Title : Slims CMS Senayan Library Management System 7.0 Arbitrary File Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Team Date : 13/02/2019 Vendor Homepage : slims.web.id Software Download Link : github.com/slims/...

7.4AI score
Exploits0
Rows per page
Query Builder