
953 matches found

Prion
added 2014/09/23 8:55 p.m. | 22 views

Code injection

IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564...

5 CVSS | 6.3 AI score | 0.01559 EPSS
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2014/09/23 8:0 p.m. | 22 views

CVE-2014-3090

IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564...

7 AI score | 0.00885 EPSS
Exploits 0 | References 4
NVD
added 2014/08/18 11:15 a.m. | 18 views

CVE-2014-5265

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted...

5 CVSS | 7 AI score | 0.07017 EPSS
Exploits 0 | References 6
UbuntuCve
added 2014/08/18 11:15 a.m. | 52 views

CVE-2014-5266

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability...

5 CVSS | 5.9 AI score | 0.76306 EPSS
Exploits 3 | References 7
UbuntuCve
added 2014/08/18 11:15 a.m. | 34 views

CVE-2014-5265

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted...

5 CVSS | 5.9 AI score | 0.07017 EPSS
Exploits 0 | References 6
Cvelist
added 2014/08/18 10:0 a.m. | 27 views

CVE-2014-5265

The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted...

7 AI score | 0.07017 EPSS
Exploits 0 | References 6
NVD
added 2014/08/12 10:55 p.m. | 22 views

CVE-2014-3337

The SIP implementation in Cisco Unified Communications Manager (CM) 8.6.2 and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428...

6.8 CVSS | 6.2 AI score | 0.01827 EPSS
Exploits 0 | References 6
Prion
added 2014/08/12 10:55 p.m. | 13 views

Design/Logic Flaw

The SIP implementation in Cisco Unified Communications Manager (CM) 8.6.2 and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428...

6.8 CVSS | 6.7 AI score | 0.01827 EPSS
Exploits 0 | References 6 | Affected Software 1
Cvelist
added 2014/08/12 10:0 p.m. | 24 views

CVE-2014-3337

The SIP implementation in Cisco Unified Communications Manager (CM) 8.6.2 and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428...

6.2 AI score | 0.01827 EPSS
Exploits 0 | References 6
Prion
added 2014/08/12 12:55 a.m. | 11 views

Hardcoded credentials

The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document...

4 CVSS | 6.1 AI score | 0.00158 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2014/08/12 12:0 a.m. | 32 views

CVE-2013-5433

The CVE-2013-5433 issue concerns the Data Growth Solution for JD Edwards EnterpriseOne used with IBM InfoSphere Optim 3.0–9.1, where hardcoded database credentials are stored within the solution. This allows remote authenticated users to disclose sensitive information by reading an unspecified fi...

4 CVSS | 5.8 AI score | 0.00158 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2014/08/12 12:0 a.m. | 16 views

CVE-2013-5433

The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSphere Optim 3.0 through 9.1 has hardcoded database credentials, which allows remote authenticated users to obtain sensitive information by reading an unspecified field in an XML document...

5.6 AI score | 0.00158 EPSS
Exploits 0 | References 2
Kitploit
added 2014/08/11 11:45 p.m. | 238 views

XCat - Tool that aids in the exploitation of blind XPath injection vulnerabilities

XCat is a command line program that aids in the exploitation of blind XPath injection vulnerabilities. It can be used to retrieve the whole XML document being processed by a vulnerable XPath query, read arbitrary files on the host's filesystem and utilize out of bound HTTP requests to make the...

7.5 AI score
Exploits 0
Debian CVE
added 2014/08/03 6:0 p.m. | 34 views

CVE-2014-0179

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, relate...

1.9 CVSS | 7.5 AI score | 0.00106 EPSS
Exploits 0
NVD
added 2014/07/07 11:1 a.m. | 14 views

CVE-2014-0868

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by...

4.9 CVSS | 5.8 AI score | 0.09599 EPSS
Exploits 5 | References 7
NVD
added 2014/07/07 11:1 a.m. | 13 views

CVE-2014-0864

Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal's currency or (2) a...

6.8 CVSS | 7 AI score | 0.03679 EPSS
Exploits 6 | References 7
Prion
added 2014/07/07 11:1 a.m. | 14 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal's currency or (2) a...

6.8 CVSS | 7.6 AI score | 0.03679 EPSS
Exploits 6 | References 7 | Affected Software 1
Prion
added 2014/07/07 11:1 a.m. | 14 views

Design/Logic Flaw

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document...

3.5 CVSS | 6.7 AI score | 0.11892 EPSS
Exploits 6 | References 7 | Affected Software 1
Prion
added 2014/07/07 11:1 a.m. | 20 views

Input validation

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by...

4.9 CVSS | 6.4 AI score | 0.09599 EPSS
Exploits 5 | References 7 | Affected Software 1
Cvelist
added 2014/07/07 10:0 a.m. | 18 views

CVE-2014-0864

Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal's currency or (2) a...

7 AI score | 0.03679 EPSS
Exploits 6 | References 7