Oracle Linux 5 : tomcat (ELSA-2009-1164)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-1164 advisory. - add patch for CVE-2007-5333 Resolves: rhbz427779 - add patch for CVE-2008-5515 Resolves: rhbz504758 - add patch for CVE-2009-0033 - add patch for...
Oracle Linux 3 : httpd (ELSA-2009-1108)
From Red Hat Security Advisory 2009:1108 : Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server...
Oracle Linux 5 : PyXML (ELSA-2010-0002)
The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2010-0002 advisory. 0.8.4-4.2 - Use system expat library Resolves: 531852 0.8.4-4.1 - Fix buffer over read Resolves: 531852 Tenable has extracted the preceding description block...
Oracle Linux 3 / 4 : 4Suite (ELSA-2009-1572)
From Red Hat Security Advisory 2009:1572 : An updated 4Suite package that fixes one security issue is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The 4Suite package contains XML-related...
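Apache CXF Multiple Remote Denial of Service Vulnerabilities (CVE-2013-2160)
BUGTRAQ ID: 61030 CVE(CAN) ID: CVE-2013-2160 Apache CXF is an open source services framework used to build and develop services with front-end programming APIs such as JAX-WS and JAX-RS. Apache CXF 2.5.10, 2.6.7, 2.7.4 contain multiple remote denial of service vulnerabilities: the streaming XML parser does not limit the number of elements, the number of attributes, the nesting structure of received documents, and so on. An attacker can exploit these vulnerabilities to crash the application, resulting in a denial of service. 0 Apache Group CXF = 2.5.10 Apache Group CXF 2.7.4 Apache Group CXF 2.6.7 Vendor patch: Apache Group...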
DEBIAN-CVE-2013-2877
parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state...
Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
Exploit for multiple platform in category dos / poc ======================================================================= title: Denial of service vulnerability product: Apache CXF vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 fixed version: Apache CXF 2.5.10, 2.6.7 and 2.7.4...
PHP5 -- Heap corruption in XML parser
The PHP development team reports: ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the...
Apache CXF Denial of Service Vulnerabilities Patched
The Apache Software Foundation has patched a denial of service vulnerability in the XML parser of the Apache CXF Web services framework. Researchers, Andreas Falkenberg from Sec Consult Vulnerability Labs, and Christian Mainka, Juraj Somorovsky, and Joerg Schwenk from Ruhr-University Bochum,...
Atlassian Crowd Xml eXternal Entity (XXE) Injection Vulnerability
This host is running Atlassian Crowd and is prone to an XML external entity injection vulnerability. OpenVAS Vulnerability Test $Id: gbatlassiancrowdxxeinjvuln.nasl 5842 2017-04-03 13:15:19Z cfi $ Atlassian Crowd Xml eXternal Entity (XXE) Injection Vulnerability Authors: Thanga Prakash S Copyright:...
Apache CXF < 2.5.10/2.6.7/2.7.4 - Denial of Service
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Denial of service vulnerability product: Apache CXF vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 fixed version: Apache CXF 2.5.10, 2.6.7 and 2.7.4...
ModSecurity < 2.7.3 XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
According to its banner, the version of ModSecurity installed on the remote host is earlier than 2.7.3. It is, therefore, potentially affected by a file disclosure vulnerability. An improperly configured XML parser could allow untrusted XML entities from external sources to be accepted, thus...
CVE-2009-5135
The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
CVE-2009-5135
The Echo Java XML parser has an XXE vulnerability: versions before 2.1.1 and 3.x before 3.0.b6 allow remote attackers to read arbitrary files via an external entity declaration combined with an entity reference. Remediation: upgrade to Echo 2.1.1+ or 3.0.b6+.
Google Chrome < 18.0.1025.168 Multiple Vulnerabilities
Cisco Unified Presence XMPP Denial of Service Vulnerability
The XML parser of Cisco Unified Presence contains a vulnerability that could allow an authenticated, remote attacker to trigger a crash of the jabberd process, causing a denial of service condition. The vulnerability is due to insufficient validation of crafted XML in Extensible Messaging and...
CVE-2013-1197
The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912...
Code injection
The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912...
CVE-2013-1197
CVE-2013-1197 affects Cisco Unified Presence (CUP): an authenticated remote attacker can send crafted XMPP messages that the server's XML parser in the jabberd process mishandles, causing a denial of service (jabberd daemon crash). The vulnerability is due to insufficient validation of XM...