VulnCheck KEV: CVE-2017-17762

XML external entity XXE vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx...

EUVD-2014-0395

Malware in sbrugna...

EUVD-2017-8913

Malware in sbrugna...

EUVD-2018-12729

Malware in sbrugna...

EUVD-2015-9122

Malware in sbrugna...

EUVD-2017-0106

Malware in sbrugna...

MAL-2025-47024 Malicious code in xml-request-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21f1d42d43604327ee124527dd04dcb37f13b0d2c46a4f2dc3e3764c7b2000bb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview xml-request-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in xml-request-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21f1d42d43604327ee124527dd04dcb37f13b0d2c46a4f2dc3e3764c7b2000bb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-20357

A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by...

CVE-2024-20357

A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by...

SUSE CVE-2016-10149

XML External Entity XXE vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

SUSE CVE-2017-7756

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests XHR. This could result in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write...

SRC-2022-0022 : VMWare Cloud Foundation NSX-V VsmUsernamePasswordAuthenticationFilter parseUsernamePasswordFromXML XML External Entity Processing Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMWare Cloud Foundation NSX-V. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VsmUsernamePasswordAuthenticationFilter...

CLSA-2022-1648136371 Fix of CVE: CVE-2022-22721, CVE-2022-23943, CVE-2022-22719, CVE-2022-22720

CVE-2022-22719: modlua: error out if luareadbody or luawritebody fail - CVE-2022-22720: simpler connection close logic if discarding the request body fails - CVE-2022-22721: make sure and check that LimitXMLRequestBody fits in system memory - CVE-2022-23943: modsed: use sizet to allow for larger...

USN-5333-2 apache2 vulnerabilities

USN-5333-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Chamal De Silva discovered that the Apache HTTP Server modlua module incorrectly handled certain crafted request bodies. A remote...

USN-5333-1 apache2 vulnerabilities

Chamal De Silva discovered that the Apache HTTP Server modlua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. CVE-2022-22719 James Kettle discovered that the Apache HTTP Serv...

ALPINE-CVE-2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...

CVE-2020-15352

An XML external entity XXE vulnerability in Pulse Connect Secure PCS before 9.1R9 and Pulse Policy Secure PPS before 9.1R9 allows remote authenticated admins to conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...