18 matches found
CVE-2019-18213
XML Language Server aka lsp4xml before 0.9.1, as used in Red Hat XML Language Support aka vscode-xml before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF as well as SMB connection initiation that can lead to NetNTLM challenge/response captu...
CVE-2019-18212
XMLLanguageService.java in XML Language Server aka lsp4xml before 0.9.1, as used in Red Hat XML Language Support aka vscode-xml before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal...
EUVD-2019-8012
Malware in sbrugna...
libxslt: Multiple Vulnerabilities
Background libxslt is the XSLT C library developed for the GNOME project. XSLT itself is an XML language to define transformations for XML. Description Multiple vulnerabilities have been discovered in libxslt. Please review the CVE identifiers referenced below for details. Impact Please review th...
LemMinX Path Traversal Vulnerability
LemMinX is an open source XML language server from the Eclipse Foundation. It can be used with any editor that supports the protocol, thus providing good support for the XML language. A security vulnerability exists in LemMinX that stems from a directory traversal flaw found in versions of LemMin...
CVE-2019-18213
XML Language Server aka lsp4xml before 0.9.1, as used in Red Hat XML Language Support aka vscode-xml before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF as well as SMB connection initiation that can lead to NetNTLM challenge/response captu...
CVE-2019-18212
XMLLanguageService.java in XML Language Server aka lsp4xml before 0.9.1, as used in Red Hat XML Language Support aka vscode-xml before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal...
CVE-2019-18213
XML Language Server aka lsp4xml before 0.9.1, as used in Red Hat XML Language Support aka vscode-xml before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF as well as SMB connection initiation that can lead to NetNTLM challenge/response captu...
Directory traversal
XMLLanguageService.java in XML Language Server aka lsp4xml before 0.9.1, as used in Red Hat XML Language Support aka vscode-xml before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal...
Design/Logic Flaw
XML Language Server aka lsp4xml before 0.9.1, as used in Red Hat XML Language Support aka vscode-xml before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF as well as SMB connection initiation that can lead to NetNTLM challenge/response captu...
CVE-2019-18213
XML Language Server aka lsp4xml before 0.9.1, as used in Red Hat XML Language Support aka vscode-xml before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF as well as SMB connection initiation that can lead to NetNTLM challenge/response captu...
CVE-2019-18213
XML Language Server (lsp4xml) prior to 0.9.1 used in Red Hat XML Language Support (vscode-xml) prior to 0.9.1 is affected. The vulnerability arises in extensions/contentmodel/participants/diagnostics/LSPXMLParserConfiguration.java, where XXE can be triggered by a crafted XML document, leading to ...
CVE-2019-18212
XMLLanguageService.java in XML Language Server aka lsp4xml before 0.9.1, as used in Red Hat XML Language Support aka vscode-xml before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal...
CVE-2019-18212
XML Language Service (lsp4xml) in Red Hat XML Language Support (vscode-xml) versions before 0.9.1 is affected by a directory traversal vulnerability that allows a remote attacker to write to arbitrary files via XMLLanguageService.java. The issue is present in the XML Language Server implementatio...
Debian Security Advisory DSA 3605-1 (libxslt - security update)
Several vulnerabilities were discovered in libxslt, an XSLT processing runtime library, which could lead to information disclosure or denial-of-service application crash against an application using the libxslt library. OpenVAS Vulnerability Test $Id: deb3605.nasl 6608 2017-07-07 12:05:05Z cfisch...
libxslt: Denial of service
Background libxslt is the XSLT C library developed for the GNOME project. XSLT is an XML language to define transformations for XML. Description An out of bounds read error has been found in libxslt/pattern.c in libxslt. Impact A remote attacker could entice a user to process an XML file using a...
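Apple QuickTime Plugin Arbitrary Script Execution Vulnerability
Apple QuickTime is a popular media player. A problem exists in how Apple QuickTime handles Media Link files; a remote attacker can exploit the vulnerability to execute arbitrary script code and obtain sensitive information. Media Link files provide a more convenient way to access media files. .qtl files use an XML language, with syntax similar to the following: <?xml version="1.0"?> <?quicktime type="application/x-quicktime-media-link"?> <embed src="Sample.mov" autoplay="true"/...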
Mozilla XUL interface spoofing
By using an XML-based language, it's possible to spoof the browser interface...