47 matches found
Microsoft .NET Framework and .NET Core Denial of Service Vulnerability (CNVD-2018-09318)
NET Framework and .NET Core are both products of Microsoft Corporation.Microsoft .NET Framework is a comprehensive and consistent programming model and development platform for building applications for Windows, Windows Store, Windows Server, and Microsoft Azure. NET Framework is a comprehensive...
CVE-2017-12355
A vulnerability in the Local Packet Transport Services LPTS ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service DoS...
Race condition
A vulnerability in the Local Packet Transport Services LPTS ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service DoS...
CVE-2017-12355
A vulnerability in the Local Packet Transport Services LPTS ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service DoS...
Cisco IOS XR Software Local Packet Transport Services Denial of Service Vulnerability
A vulnerability in the Local Packet Transport Services LPTS ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service DoS...
XML External Entity (XXE)
PySAML2 is vulnerable to XML external entity attacks XXE. The library does not look for SAML XML requests or responses resulting in the ability to attack...
Milton Webdav 2.7.0.1 XXE Injection
Dear all, I've recently found vulnerability in Milton Webdav 2.7.0.1 project page - http://milton.io/. Milton Webdav is a Java library for adding webdav capabilities to your applications. Milton Webdav supports PROPFIND, PROPPATCH and LOCK methods. This Webdav methods expect XML in request body...
RESTeasy: External entities expanded by DocumentProvider
It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessibl...
RESTeasy: External entities expanded by DocumentProvider
It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessibl...
Cisco IP Phones Vulnerable To Remote Eavesdropping
A critical vulnerability in the firmware of Cisco small business phones lets an unauthenticated attacker to remotely eavesdrop on private conversation and make phone calls from vulnerable devices without needing to authenticate, Cisco warned. LISTEN AND MAKE PHONE CALLS REMOTELY The vulnerability...
RESTeasy: External entities expanded by DocumentProvider
It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessibl...
Updated resteasy package fix CVE-2014-3490
Updated resteasy packages fixes security vulnerability: It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEa...
MGASA-2014-0547 Updated resteasy package fix CVE-2014-3490
Updated resteasy packages fixes security vulnerability: It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEa...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.3.0 security update
An update for Red Hat JBoss Enterprise Application Platform 6.3.0 that fixes one security issue is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives ...
Moderate: Red Hat Security Advisory: resteasy-base security update
Updated resteasy-base packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
RHEL 7 : resteasy-base (RHSA-2014:1011)
Updated resteasy-base packages that fix one security issue are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
UBUNTU-CVE-2012-6531
1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...
CVE-2012-0333
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768...
CVE-2012-0333
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768...
HTTP SOAP Verb/Noun Brute Force Scanner
This module attempts to brute force SOAP/XML requests to uncover hidden methods. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP SOAP Verb/Noun Brute Force Scanner', 'Description' = %q Thi...