111 matches found

Tenable Nessus
added 2016/07/07 12:0 a.m. | 17 views

Palo Alto Networks PAN-OS 7.0.x < 7.0.5 Multiple Vulnerabilities

The version of Palo Alto Networks PAN-OS running on the remote host is 7.0.x prior to 7.0.5. It is, therefore, affected by multiple vulnerabilities:
- A buffer overflow condition exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a deni...

6.5 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2016/07/07 12:0 a.m. | 12 views

Palo Alto Networks PAN-OS 6.1.x < 6.1.11 Multiple Vulnerabilities

The version of Palo Alto Networks PAN-OS running on the remote host is 6.1.x prior to 6.1.11. It is, therefore, affected by multiple vulnerabilities:
- An unspecified flaw exists that allows an authenticated, remote attacker to access potentially sensitive information in the system logs.
- A security...

5.7 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2016/05/13 12:0 a.m. | 44 views

Cisco TelePresence XML API HTTP Request Handling Authentication Bypass (cisco-sa-20160504-tpxml)

The remote host is running a version of Cisco TelePresence Codec (TC) that is 7.2.x prior to 7.3.6 or a version of Cisco Collaboration Endpoint (CE) software that is 8.x prior to 8.1.1. It is, therefore, affected by an authentication bypass vulnerability in the XML application programming interface (API) ...

9.8 CVSS | 8.5 AI score | 0.01438 EPSS
Exploits: 0 | References: 2
CNVD
added 2016/05/13 12:0 a.m. | 1 views

CloudBees Jenkins CI and Jenkins LTS Information Disclosure Vulnerability (CNVD-2016-03162)

CloudBees Jenkins CI (formerly known as Hudson Labs) is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software releases/testing projects and a number of timed tasks. LTS (Long-Term Support) is a long-supported version of CloudBees Jenkins CI is a...

4.3 CVSS | 8.5 AI score | 0.0009 EPSS
Exploits: 0 | References: 1
NVD
added 2016/05/05 9:59 p.m. | 19 views

CVE-2016-1387

The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes v...

9.8 CVSS | 9.8 AI score | 0.01438 EPSS
Exploits: 0 | References: 2
OSV
added 2016/05/05 9:59 p.m. | 1 views

CVE-2016-1387

The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes v...

9.8 CVSS | 5.9 AI score | 0.01438 EPSS
Exploits: 0 | References: 2
Prion
added 2016/05/05 9:59 p.m. | 14 views

Command injection

The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes v...

9 CVSS | 7.8 AI score | 0.01438 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2016/05/05 9:0 p.m. | 18 views

CVE-2016-1387

The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes v...

9.8 AI score | 0.01438 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2015/04/22 12:0 a.m. | 12 views

Palo Alto Device / PAN-OS Detection (HTTP XML-API)

HTTP XML-API based detection of the Palo Alto devices and the underlying PAN-OS operating system. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2014/11/08 12:0 a.m. | 37 views

RHEL 6 : rhevm (RHSA-2014:0814)

Updated rhevm packages that fix one security issue are now available. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the...

4 CVSS | 5.5 AI score | 0.00267 EPSS
Exploits: 0 | References: 3
seebug.org
added 2014/03/04 12:0 a.m. | 13 views

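Palo Alto Networks PAN-OS XML API Key Security Restriction Bypass Vulnerability

BUGTRAQ ID: 65886 PAN-OS is the operating system that controls Palo Alto Networks next-generation firewalls; it provides rich firewall, management, and networking features. Versions of PAN-OS prior to 4.1.16, 5.0.10, and 5.1.5 contain a security restriction bypass vulnerability in their implementation; an attacker can exploit this vulnerability to bypass security restrictions and perform unauthorized operations. 0 Palo Alto Network PAN-OS Vendor patch: Palo Alto Network ----------------- The vendor has released an upgrade patch that fixes this security issue; please download it from the vendor's home page:...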

6.9 AI score
Exploits: 0
RedHat Linux
added 2013/12/05 5:32 p.m. | 3 views

OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via...

7.5 CVSS | 6.8 AI score | 0.06079 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2013/11/07 4:45 p.m. | 2 views

OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via...

7.5 CVSS | 6.8 AI score | 0.06079 EPSS
Exploits: 0 | References: 5
NVD
added 2013/11/02 7:55 p.m. | 8 views

CVE-2013-3617

The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) iss...

3.5 CVSS | 6.3 AI score | 0.5674 EPSS
Exploits: 3 | References: 3
Prion
added 2013/11/02 7:55 p.m. | 9 views

XXE

The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) iss...

3.5 CVSS | 6.8 AI score | 0.5674 EPSS
Exploits: 3 | References: 3 | Affected Software: 1
CVE
added 2013/11/02 7:0 p.m. | 70 views

CVE-2013-3617

CVE-2013-3617 affects Openbravo ERP 2.5, 3.0 and earlier. The XML API permits remote authenticated users to read arbitrary files via an XML External Entity (XXE) vulnerability, using an external entity declaration with a reference to internal /ws/dal/ interfaces (e.g., ADUser). Impact: potential ...

3.5 CVSS | 6.5 AI score | 0.5674 EPSS
Exploits: 3 | References: 3 | Affected Software: 1
Cvelist
added 2013/11/02 7:0 p.m. | 12 views

CVE-2013-3617

The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) iss...

6.3 AI score | 0.5674 EPSS
Exploits: 3 | References: 3
Metasploit
added 2013/10/30 5:20 p.m. | 43 views

Openbravo ERP XXE Arbitrary File Read

The Openbravo ERP XML API expands external entities, which can be defined as local files. This allows the user to read any files from the FS as the user Openbravo is running as (generally not root). This module was tested against Openbravo ERP version 3.0MP25 and 2.50MP6. This module requires...

3.5 CVSS | 6.3 AI score | 0.5674 EPSS
Exploits: 3
Cisco
added 2013/09/27 2:14 a.m. | 26 views

Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability

A vulnerability in the public XML API service of Cisco Unified Computing System Fabric Interconnect could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to improper input validation in the XML API service. An attacker could exploit...

5 CVSS | 2.2 AI score | 0.00474 EPSS
Exploits: 0 | References: 1
NVD
added 2013/09/26 2:16 p.m. | 13 views

CVE-2012-4079

The XML API service in the Fabric Interconnect component in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service (API service outage) via a malformed XML document in a packet, aka Bug ID CSCtg48206...

5 CVSS | 6.6 AI score | 0.00474 EPSS
Exploits: 0 | References: 2