255 matches found
CVE-2017-7664
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0...
SAP Updates Two-Year-Old Patch for TREX Vulnerability
SAP has issued an updated patch for a code-injection vulnerability affecting the TREX search engine integrated into more than a dozen SAP products, including the old NetWeaver application integration platform and the SAP HANA database. The flaw was originally found in 2015 and patched in SAP HANA...
CVE-2017-5643
It was found that Apache Camel's validation component evaluates DTD headers of XML stream sources, although a validation against XML schemas XSD is executed. Remote attackers can use this feature to make Server-Side Request Forgery SSRF attacks by sending XML documents with remote DTDs URLs or XM...
MS16-035: Description of the security update for the .NET Framework 3.5 in Windows 8.1 and Windows Server 2012 R2: March 8, 2016
MS16-035: Description of the security update for the .NET Framework 3.5 in Windows 8.1 and Windows Server 2012 R2: March 8, 2016 View products that this article applies to. Summary This update resolves a vulnerability in the Microsoft .NET Framework. The security feature bypass exists in a .NET...
MS16-035: Description of the security update for the .NET Framework 3.5 in Windows Server 2012: March 8, 2016
MS16-035: Description of the security update for the .NET Framework 3.5 in Windows Server 2012: March 8, 2016 View products that this article applies to. Summary This update resolves a vulnerability in the Microsoft .NET Framework. The security feature bypass exists in a .NET Framework component...
MS16-035: Description of the security update for the .NET Framework 4.5.2 in Windows Server 2012: March 8, 2016
MS16-035: Description of the security update for the .NET Framework 4.5.2 in Windows Server 2012: March 8, 2016 October 11, 2016 This security update has been re-released to Windows Server Update Services WSUS channel because of an offering issue that may have affected some WSUS customers who had...
Microsoft .NET Framework XML Validation Security Feature Bypass Vulnerability
Microsoft .NET Framework is a comprehensive and consistent programming model developed by Microsoft Corporation USA and a development platform for building Windows, Windows Store, Windows Phone, Windows Server and Microsoft Azure Windows Store, Windows Phone, Windows Server, and Microsoft Azure...
Microsoft .NET XML Validation Security Feature Bypass Vulnerability (3141780)
This host is missing an important security update according to Microsoft Bulletin MS16-035 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
KLA10768 Security bypass vulnerability in Microsoft .NET Framework
An improper XML validation was found in Microsoft .NET Framework. By exploiting this vulnerability malicious users can bypass security restrictions. This vulnerability can be exploited remotely via signed XML file manipulations. Original advisories CVE-2016-0132 Related products...
Ipswitch WhatsUp Gold SQL Injection Vulnerability
WhatsUp Gold provides a complete and easy-to-use monitoring mechanism to monitor all aspects of application services and network devices, assisting IT managers to turn network management information into readable business information. In Ipswitch WhatsUp Gold versions prior to 16.4,...
PT-2016-1000 · Ipswitch · Ipswitch Whatsup Gold
Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Gold versions prior to 16.4 Description: The issue is related to the DroneDeleteOldMeasurements implementation, which does not properly validate serialized XML objects. This allows remote attackers to conduct SQL injection...
CVE-2015-4315
The Call Policy Configuration page in Cisco TelePresence Video Communication Server VCS Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853...
CVE-2011-4755
Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service parsing error or possibly have unspecified other impact via a crafted cookie, as demonstrated by cookies t...
Fixed in Apache Tomcat 7.0.19
Low: Information disclosure CVE-2011-2526 Tomcat provides support for sendfile with the HTTP NIO and HTTP APR connectors. sendfile is used automatically for content served via the DefaultServlet and deployed web applications may use it directly via setting request attributes. These request...
CVE-2011-2150
The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service parsing error and daemon pause via vectors involving 1 certain cookies in a SiteInfoLookup action to...