12 matches found
EUVD-2021-14747
Malware in sbrugna...
FreeBSD : ModSecurity -- empty XML tag causes segmentation fault (c0f3f54c-5bc4-11f0-834f-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c0f3f54c-5bc4-11f0-834f-b42e991fc52e advisory. [email protected] reports: ModSecurity is an open source, cross platform web application...
DEBIAN-CVE-2025-52891
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...
CVE-2022-35881
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicio...
CVE-2021-28040
An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in osxml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached...
CVE-2021-28040
An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in osxml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached...
Open-Xchange (OX) App Suite SSRF Vulnerability (58874)
Open-Xchange OX App Suite is prone to a server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
jakarta-taglibs-standard security update
0:1.1.1-11.7 - Gracefully handle parsers without FSP support e.g. Java 5 GCJ - Resolves: CVE-2015-0254 0:1.1.1-11.6 - Prevent XXE and RCE in JSTL XML tags - Apply correction for previous CVE-2015-0254 patch prevent XXE in - Resolves: CVE-2015-0254 0:1.1.1-11.5 - Prevent XXE and RCE in JSTL XML ta...
UBUNTU-CVE-2015-0254
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag...
Pentaho < 4.5.0 - User Console XML Injection
title: Pentaho User Console XML Injection Vulnerability program: Pentaho BI User Console vulnerable version: Pentaho was injected into the XML of the client's POST request. This tag defines an external entity, xxe8295c, whic...
PT-2005-3398 · Php +1 · Phpxmlrpc +1
Name of the Vulnerable Software and Affected Versions: PHPXMLRPC versions 1.1.1 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document. These tags are injected into an eval function call. This is exploited by using...
Microsoft SQL Server 2000 - SQLXML Script Injection
source: https://www.securityfocus.com/bid/5005/info SQLXML is a component of SQL Server 2000, which enables SQL servers to receive and send database queries via XML (Extensible Markup Language) format. Such queries can be sent using various methods of communication, one of which is via HTTP. SQLXML...