Lucene search

953 matches found

NVD
added 2020/01/06 2:15 p.m., 8 views

CVE-2019-20343

The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...

CVSS 9.8, AI score 9.5, EPSS 0.00769
Exploits 0, References 3
Prion
added 2020/01/06 2:15 p.m., 18 views

Code injection

The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...

CVSS 7.5, AI score 9.4, EPSS 0.00769
Exploits 0, References 3, Affected Software 1
Cvelist
added 2020/01/06 1:46 p.m., 10 views

CVE-2019-20343

The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...

AI score 9.6, EPSS 0.00769
Exploits 0, References 3
Tenable Nessus
added 2019/12/31 12:0 a.m., 109 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : qt5-qtbase Multiple Vulnerabilities (NS-SA-2019-0236)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has qt5-qtbase packages installed that are affected by multiple vulnerabilities: - An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation...

CVSS 9.8, AI score 7, EPSS 0.04651
Exploits 0, References 4
Veracode
added 2019/12/05 2:25 a.m., 15 views

XML External Entity (XXE)

odata-server-core is vulnerable to XML external entity (XXE) attacks. Support for external entities is not disabled, which allows remote attackers to inject a malicious XML document to retrieve confidential system files or perform requests on behalf of the server...

CVSS 5.5, AI score 6.1, EPSS 0.52533
Exploits 5, References 5, Affected Software 1
Tenable Nessus
added 2019/12/02 12:0 a.m., 40 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : qt5-qtbase Multiple Vulnerabilities (NS-SA-2019-0217)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has qt5-qtbase packages installed that are affected by multiple vulnerabilities: - An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation...

CVSS 9.8, AI score 7, EPSS 0.04651
Exploits 0, References 4
0day.today
added 2019/11/11 12:0 a.m., 57 views

XML Notepad 2.8.0.4 - XML External Entity Injection Exploit

Exploit Title: XML Notepad 2.8.0.4 - XML External Entity Injection Exploit
Author: 8-Team / daejinoh
Vendor Homepage: https://www.microsoft.com/
Software Link: https://github.com/microsoft/XmlNotepad
Version: XML Notepad 2.8.0.4
Tested on: Windows 10 Pro
CVE: N/A
Step 1 File - Open - .xml Exploi...

AI score 0.2
Exploits 0
NVD
added 2019/10/30 9:15 p.m., 11 views

CVE-2019-17323

ClipSoft REXPERT 1.0.0.527 and earlier versions allow arbitrary file creation and execution via the report print function of the Rexpert viewer with a modified XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page...

CVSS 8.8, AI score 8.6, EPSS 0.00418
Exploits 0, References 1
Prion
added 2019/10/30 9:15 p.m., 13 views

Design/Logic Flaw

ClipSoft REXPERT 1.0.0.527 and earlier versions allow arbitrary file creation and execution via the report print function of the Rexpert viewer with a modified XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page...

CVSS 6.8, AI score 8.6, EPSS 0.00418
Exploits 0, References 1, Affected Software 1
CVE
added 2019/10/30 8:49 p.m., 47 views

CVE-2019-17323

CVE-2019-17323 affects ClipSoft REXPERT (versions 1.0.0.527 and earlier). The vulnerability is an XML injection in the Rexpert viewer's report printing function, enabling arbitrary file creation and execution. Exploitation requires user interaction: the target must visit a malicious web page. Imp...

CVSS 8.8, AI score 8.5, EPSS 0.00418
Exploits 0, References 1, Affected Software 1
Cvelist
added 2019/10/30 8:49 p.m., 10 views

CVE-2019-17323

ClipSoft REXPERT 1.0.0.527 and earlier versions allow arbitrary file creation and execution via the report print function of the Rexpert viewer with a modified XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page...

AI score 8.6, EPSS 0.00418
Exploits 0, References 1
Veracode
added 2019/10/17 3:15 a.m., 31 views

Remote Code Execution

ReportLab is vulnerable to remote code execution. This is due to the usage of toColor(eval(arg)) in colors.py, allowing a remote attacker to execute arbitrary Python code using a malicious XML document that utilizes 'span color="' followed by arbitrary Python code...

CVSS 9.8, AI score 4.5, EPSS 0.16839
Exploits 1, References 16, Affected Software 1
NVD
added 2019/10/16 12:15 p.m., 12 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

CVSS 9.8, AI score 9.7, EPSS 0.16839
Exploits 1, References 14
OSV
added 2019/10/16 12:15 p.m., 4 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

CVSS 9.8, AI score 9.6
Exploits 0, References 14
OSV
added 2019/10/16 12:15 p.m., 11 views

PYSEC-2019-47

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

AI score 7.9
Exploits 0, References 13
OSV
added 2019/10/16 12:15 p.m., 0 views

UBUNTU-CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

CVSS 9.8, AI score 7.9, EPSS 0.16839
Exploits 1, References 4
Prion
added 2019/10/16 12:15 p.m., 18 views

Remote code execution

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

CVSS 7.5, AI score 9.5, EPSS 0.16839
Exploits 1, References 13, Affected Software 1
OSV
added 2019/10/16 12:15 p.m., 17 views

PYSEC-2019-117

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

CVSS 9.8, AI score 3.7, EPSS 0.16839
Exploits 1, References 14
CVE
added 2019/10/16 11:29 a.m., 311 views

CVE-2019-17626

Affected software: python-reportlab (ReportLab) prior to 3.5.31. Root causes reported: in colors.py, toColor(eval(arg)) used on crafted XML; in paraparser.py, start_unichar evaluating untrusted input within a unichar element. Impact: remote code execution via crafted XML document. Remediation: upg...

CVSS 9.8, AI score 9.6, EPSS 0.16839
Exploits 1, References 14, Affected Software 1
Cvelist
added 2019/10/16 11:29 a.m., 18 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

AI score 9.8, EPSS 0.16839
Exploits 1, References 14