Lucene search
K

255 matches found

Cvelist
Cvelist
added 2017/07/14 3:0 p.m.23 views

CVE-2017-7664

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0...

9.6AI score0.02346EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2017/04/12 11:18 a.m.29 views

SAP Updates Two-Year-Old Patch for TREX Vulnerability

SAP has issued an updated patch for a code-injection vulnerability affecting the TREX search engine integrated into more than a dozen SAP products, including the old NetWeaver application integration platform and the SAP HANA database. The flaw was originally found in 2015 and patched in SAP HANA...

7.5CVSS9.7AI score0.016EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2017/03/17 1:52 p.m.33 views

CVE-2017-5643

It was found that Apache Camel's validation component evaluates DTD headers of XML stream sources, although a validation against XML schemas XSD is executed. Remote attackers can use this feature to make Server-Side Request Forgery SSRF attacks by sending XML documents with remote DTDs URLs or XM...

7.4CVSS3.3AI score0.0489EPSS
Exploits0References2
Microsoft KB
Microsoft KB
added 2017/01/07 12:0 a.m.27 views

MS16-035: Description of the security update for the .NET Framework 3.5 in Windows 8.1 and Windows Server 2012 R2: March 8, 2016

MS16-035: Description of the security update for the .NET Framework 3.5 in Windows 8.1 and Windows Server 2012 R2: March 8, 2016 View products that this article applies to. Summary This update resolves a vulnerability in the Microsoft .NET Framework. The security feature bypass exists in a .NET...

6.4AI score
Exploits0
Microsoft KB
Microsoft KB
added 2017/01/07 12:0 a.m.26 views

MS16-035: Description of the security update for the .NET Framework 3.5 in Windows Server 2012: March 8, 2016

MS16-035: Description of the security update for the .NET Framework 3.5 in Windows Server 2012: March 8, 2016 View products that this article applies to. Summary This update resolves a vulnerability in the Microsoft .NET Framework. The security feature bypass exists in a .NET Framework component...

6.7AI score
Exploits0
Microsoft KB
Microsoft KB
added 2017/01/07 12:0 a.m.31 views

MS16-035: Description of the security update for the .NET Framework 4.5.2 in Windows Server 2012: March 8, 2016

MS16-035: Description of the security update for the .NET Framework 4.5.2 in Windows Server 2012: March 8, 2016 October 11, 2016 This security update has been re-released to Windows Server Update Services WSUS channel because of an offering issue that may have affected some WSUS customers who had...

6.4AI score
Exploits0
CNVD
CNVD
added 2016/03/09 12:0 a.m.4 views

Microsoft .NET Framework XML Validation Security Feature Bypass Vulnerability

Microsoft .NET Framework is a comprehensive and consistent programming model developed by Microsoft Corporation USA and a development platform for building Windows, Windows Store, Windows Phone, Windows Server and Microsoft Azure Windows Store, Windows Phone, Windows Server, and Microsoft Azure...

10CVSS6.7AI score0.21976EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2016/03/09 12:0 a.m.58 views

Microsoft .NET XML Validation Security Feature Bypass Vulnerability (3141780)

This host is missing an important security update according to Microsoft Bulletin MS16-035 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

10CVSS8.4AI score0.21976EPSS
Exploits0References2
Kaspersky
Kaspersky
added 2016/03/08 12:0 a.m.155 views

KLA10768 Security bypass vulnerability in Microsoft .NET Framework

An improper XML validation was found in Microsoft .NET Framework. By exploiting this vulnerability malicious users can bypass security restrictions. This vulnerability can be exploited remotely via signed XML file manipulations. Original advisories CVE-2016-0132 Related products...

10CVSS9.7AI score0.21976EPSS
Exploits0References20
CNVD
CNVD
added 2016/01/11 12:0 a.m.4 views

Ipswitch WhatsUp Gold SQL Injection Vulnerability

WhatsUp Gold provides a complete and easy-to-use monitoring mechanism to monitor all aspects of application services and network devices, assisting IT managers to turn network management information into readable business information. In Ipswitch WhatsUp Gold versions prior to 16.4,...

9.8CVSS7.2AI score0.0355EPSS
Exploits4References1
Positive Technologies
Positive Technologies
added 2016/01/08 12:0 a.m.4 views

PT-2016-1000 · Ipswitch · Ipswitch Whatsup Gold

Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Gold versions prior to 16.4 Description: The issue is related to the DroneDeleteOldMeasurements implementation, which does not properly validate serialized XML objects. This allows remote attackers to conduct SQL injection...

9.8CVSS8.3AI score0.0355EPSS
Exploits4References7
Cvelist
Cvelist
added 2015/08/20 12:0 a.m.21 views

CVE-2015-4315

The Call Policy Configuration page in Cisco TelePresence Video Communication Server VCS Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853...

6.3AI score0.01871EPSS
Exploits0References3
Cvelist
Cvelist
added 2011/12/16 11:0 a.m.22 views

CVE-2011-4755

Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service parsing error or possibly have unspecified other impact via a crafted cookie, as demonstrated by cookies t...

7.5AI score0.02004EPSS
Exploits0References2
Apache Tomcat
Apache Tomcat
added 2011/07/19 12:0 a.m.65 views

Fixed in Apache Tomcat 7.0.19

Low: Information disclosure CVE-2011-2526 Tomcat provides support for sendfile with the HTTP NIO and HTTP APR connectors. sendfile is used automatically for content served via the DefaultServlet and deployed web applications may use it directly via setting request attributes. These request...

4.6CVSS5.5AI score0.0084EPSS
Exploits3Affected Software1
NVD
NVD
added 2011/05/20 10:55 p.m.15 views

CVE-2011-2150

The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service parsing error and daemon pause via vectors involving 1 certain cookies in a SiteInfoLookup action to...

5CVSS6.7AI score0.03024EPSS
Exploits0References4
Rows per page
Query Builder