CVE-2016-2073

The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service out-of-bounds read via a crafted XML document...

CVE-2015-7116

libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service memory corruption via a crafted XML document, a different vulnerability than CVE-2015-7115...

CVE-2015-7115

libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service memory corruption via a crafted XML document, a different vulnerability than CVE-2015-7116...

CVE-2015-7115

libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service memory corruption via a crafted XML document, a different vulnerability than CVE-2015-7116...

CVE-2015-7115

libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service memory corruption via a crafted XML document, a different vulnerability than CVE-2015-7116...

CVE-2015-7116

libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service memory corruption via a crafted XML document, a different vulnerability than CVE-2015-7115...

Design/Logic Flaw

IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a denial of service CPU consumption and application crash via a crafted XML document containing a large...

CVE-2015-7912

The Ice Faces servlet in agserverservice.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML document...

Code injection

The Ice Faces servlet in agserverservice.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML document...

CVE-2015-7912

The CVE-2015-7912 entry describes a remote code execution vulnerability in Tibbo AggreGate Platform prior to version 5.30.06. The issue resides in the Ice Faces servlet within ag_server_service.exe of the AggreGate Server Service, allowing an unauthenticated remote attacker to upload and execute ...

CVE-2015-7912

The Ice Faces servlet in agserverservice.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML document...

Adobe ColdFusion Multiple Vulnerabilities (APSB15-29) (credentialed check)

The version of Adobe ColdFusion running on the remote Windows host is affected by multiple vulnerabilities : - Multiple cross-site scripting XSS vulnerabilities exist due to a failure to validate input before returning it to the user. A remote attacker can exploit these to inject arbitrary script...

CVE-2015-5255

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...

Server side request forgery (ssrf)

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...

CVE-2015-5255

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...

CVE-2009-1232

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service memory corruption via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected...

CVE-2015-5911

Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document...

Code injection

Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document...

CVE-2015-5911

Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document...

CVE-2015-5911

CVE-2015-5911 affects Apple OS X Server Wiki Server (Twisted) before 5.0.3, with multiple unspecified vulnerabilities that can be triggered via an XML document. The root cause, specific impact, and exploit details are not provided in the supplied documents. No explicit remediation is stated beyon...