89 matches found
CVE-2016-10127
PySAML2 allows remote attackers to conduct XML external entity XXE attacks via a crafted SAML XML request or response...
CVE-2016-10127
PySAML2 allows remote attackers to conduct XML external entity XXE attacks via a crafted SAML XML request or response...
SAP NetWeaver AS JAVA 7.1 < 7.5 - ctcprotocol Servlet XXE
Exploit for java platform in category web applications Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XXE Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP...
CVE-2016-4014
XML external entity XXE vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service system hang via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389...
Xxe
XML external entity XXE vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service system hang via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389...
CVE-2016-3974
XML external entity XXE vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to tcmonitoringwebserviceweb/ServerNodesWSService, aka SA...
Xxe
Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Punch-in. NOTE: the previous information is from the...
CVE-2015-5068
XML external entity XXE vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601...
CVE-2015-5068
XML external entity XXE vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601...
CVE-2015-4091
XML external entity XXE vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tcsldwdmain/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851...
CVE-2015-0670
The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482...
Default configuration
The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482...
CVE-2015-0670
The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482...
Cisco Small Business SPA300 and SPA500 Series IP Phones Unauthenticated Remote Dial Vulnerability
A vulnerability in the firmware of the Cisco Small Business SPA 300 and 500 series IP phones could allow an unauthenticated, remote attacker to listen to the audio stream of an IP phone. The vulnerability is due to improper authentication settings in the default configuration. An attacker could...
CVE-2015-1309
XML external entity vulnerability in the Extended Computer Aided Test Tool eCATT in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATTDISPLAYXMLSTRINGREMOTE, aka SAP Note 2016638...
Xxe
XML external entity vulnerability in the Extended Computer Aided Test Tool eCATT in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATTDISPLAYXMLSTRINGREMOTE, aka SAP Note 2016638...
Microsoft ASP.NET 1.0/1.1 RPC/Encoded Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14217/info ASP.NET is susceptible to a remote denial of service vulnerability. This issue is due to the possibility of causing an infinite loop on the server when handling RPC/encoded requests. This issue presents itself...
Amtelco miSecureMessages未授权访问漏洞
Bugtraq ID:66795 CVE ID:CVE-2014-0357 Amtelco miSecureMessages是一个可用于多个移动设备上的对消息进行加密的应用。 Amtelco miSecureMessages对用户消息访问缺少正确的验证,攻击者可在XML请求中提供contactID和合法许可证键值,就可以访问任意用户消息。 0 Amtelco miSecureMessages 目前没有详细解决方案: https://misecuremessages.com/...
Amtelco miSecureMessages未授权访问漏洞
Bugtraq ID:66795 CVE ID:CVE-2014-0357 Amtelco miSecureMessages是一个可用于多个移动设备上的对消息进行加密的应用。 Amtelco miSecureMessages对用户消息访问缺少正确的验证,攻击者可在XML请求中提供contactID和合法许可证键值,就可以访问任意用户消息。 0 Amtelco miSecureMessages 目前没有详细解决方案: https://misecuremessages.com/...
CVE-2014-0357
Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application...