CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm•added 2015/12/08 12:0 a.m.•33 views

OpenMRS 2.3 (1.11.4) XXE Injection

!/usr/bin/env python OpenMRS 2.3 1.11.4 XML External Entity XXE Processing PoC Exploit Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS 1.9.7 Build 60bd9b Summary:...

7.4AI score

Exploits0

RedHat Linux•added 2015/12/07 11:59 a.m.•4 views

libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...

5CVSS7.2AI score0.01161EPSS

Exploits0References4

RedHat Linux•added 2015/11/23 12:56 p.m.•1 views

OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911...

RedHat Linux•added 2015/11/23 12:56 p.m.•2 views

OpenJDK: leak of user.dir location (JAXP, 8078427)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP...

RedHat Linux•added 2015/11/23 12:40 p.m.•2 views

OpenJDK: leak of user.dir location (JAXP, 8078427)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP...

Friends Of PHP•added 2015/11/23 9:24 a.m.•9 views

Arbitrary file upload and XML External Entity processing

More info at https://www.neos.io/blog/flow-sa-2015-001.html...

7.2AI score

Exploits0Affected Software1

RedHat Linux•added 2015/10/22 6:44 p.m.•0 views

OpenJDK: leak of user.dir location (JAXP, 8078427)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP...

RedHat Linux•added 2015/10/22 6:44 p.m.•2 views

OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)

RedHat Linux•added 2015/10/22 6:34 p.m.•3 views

OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)

OpenJDK: leak of user.dir location (JAXP, 8078427)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP...

OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)

OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)

OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)

CNVD•added 2015/10/22 12:0 a.m.•1 views

Unspecified Vulnerability in Oracle Java SE (CNVD-2015-06917)

Oracle Java SE is the standard version of the Java platform is a Java2 platform to provide users with a program development environment. Oracle Java SE 6u101, 7u85,8u60; Java SE Embedded 8u51; An unspecified vulnerability exists in JRockit R28.3.7. Allows remote attackers to affect availability v...

5CVSS8.2AI score0.058EPSS

Exploits0References1

CNVD•added 2015/10/22 12:0 a.m.•2 views

Unspecified Vulnerability in Oracle Java SE (CNVD-2015-06916)

Oracle Java SE is the standard version of the Java platform is a Java2 platform to provide users with a program development environment. Oracle Java SE 6u101, 7u85, 8u60; Java SE Embedded 8u51; An unspecified vulnerability exists in JRockit R28.3.7. Allows remote attackers to affect availability...

5CVSS8.2AI score0.058EPSS

Exploits0References1

CNVD•added 2015/10/22 12:0 a.m.•3 views

Unspecified Vulnerability in Oracle Java SE (CNVD-2015-06920)

Oracle Java SE is the standard version of the Java platform is a Java2 platform to provide users with a program development environment. An unspecified vulnerability exists in Oracle Java SE 6u101, 7u85,8u60,Java SE Embedded 8u51. Allows remote attackers to affect confidentiality via vectors...

5CVSS8.9AI score0.02698EPSS

Exploits0References1

RedHat Linux•added 2015/10/21 9:7 p.m.•4 views

OpenJDK: leak of user.dir location (JAXP, 8078427)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP...

RedHat Linux•added 2015/10/21 9:7 p.m.•4 views

OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)

RedHat Linux•added 2015/10/21 8:57 p.m.•2 views

OpenJDK: leak of user.dir location (JAXP, 8078427)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP...