2722 matches found
QlikView Server AccessPoint XML External Entity Injection
The version of QlikView Server running on the remote host is 11.20 prior to 11.20 SR12. It is, therefore, affected by an XML external entity XXE injection vulnerability, specifically DTD parameter injection, in the /AccessPoint.aspx script due to an incorrectly configured XML parser accepting XML...
Expat XML Parser Denial of Service Vulnerability
Expat is a C-based XML parser library , it uses a stream-oriented parser . Expat's XML parser fails to use proper entropy for hash initialization, allowing a remote attacker to exploit a vulnerability that could be exploited to construct special XML documents that would trick an application into...
Expat Encryption Mechanism Breach Vulnerability
Expat is a C-based XML parser library , it uses a stream-oriented parser . A security vulnerability exists in Expat when a program uses or passes a 0-seed in a parser call to XMLSetHashSalt, allowing a remote attacker to exploit the vulnerability to compromise cryptographic protection mechanisms...
SAP NetWeaver AS Java 7.5 XXE in com.sap.km.cm.ice
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 11.04.2017 Reference: SAP Security Note 2387249 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE...
SAP Netweaver AS Java - XXE vulnerability in Visual Composer VC70RUNTIME
Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 14.02.2017 Reference: SAP Security Note 2386873 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE Impact:...
DEBIAN-CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...
ALPINE-CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...
CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...
CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...
Code injection
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...
CVE-2016-5300
Expat CVE-2016-5300 is a denial-of-service vulnerability in the Expat XML parser caused by insufficient entropy used for hash initialization. The issue allows context-dependent attackers to cause CPU exhaustion via crafted identifiers in XML documents. Connected material confirms this as an Expat...
CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...
CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...
CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...
Dell OpenManage Server Administrator 8.3 - XML External Entity Exploit
Exploit for multiple platform in category web applications !/usr/bin/ruby Exploit Title: Dell OpenManage Server Administrator 8.3 XXE Date: June 9, 2016 Exploit Author: hantwister Vendor Homepage:...
openSUSE Security Update : expat (openSUSE-2016-695)
This update for expat fixes the following issues : Security issue fixed : - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. bsc979441 - CVE-2015-1283: Fix multiple integer overflows. bnc980391 This update was imported from the SUSE:SLE-12:Update...
[SECURITY] [DLA 505-1] libpdfbox-java security update
Package : libpdfbox-java Version : 1:1.7.0+dfsg-4+deb7u1 CVE ID : CVE-2016-2175 Apache PDFBox did not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF. This may lead to the disclosure of confidential data,...
XML Parser and Core Services upgrade
Question: Security scan detected obsolete software Microsoft XML Parser and Microsoft XML Core Services MSXML 4.0. Do we need & use XML for Xenmobile? Can we remove or update XML? Answer: This specific item is a very common scan error that likely does not have anything to do with XenMobile. In fa...
[SECURITY] [DSA 3597-1] expat security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3597-1 [email protected] https://www.debian.org/security/ Luciano Bello June 07, 2016 https://www.debian.org/security/faq -...
SUSE-SU-2016:1508-1 Security update for expat
This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. bsc979441 - CVE-2015-1283: Fix multiple integer overflows. bnc980391...