953 matches found
CVE-2014-0868
RICOS in IBM Algo Credit Limits aka ACLM 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by...
CVE-2014-0864
CVE-2014-0864 concerns IBM Algo Credit Limits (RICOS) 4.5.0–4.7.0. A CSRF in the ACLM Web GUI allows remote attackers to hijack a victim’s session to perform tasks such as changing a deal’s currency or limits via a crafted request. Root cause per vendor advisories: the web GUI does not verify req...
Sun Java 1.x XML Document Nested Entity Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8666/info A problem has been identified in Sun Java when handling XML documents with specific constructs. Because of this, an attacker with the ability to cause the software to parse malicious XML documents may have the...
Microsoft Internet Explorer 7.0 Combined JavaScript and XML Remote Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28143/info Microsoft Internet Explorer is prone to a remote information-disclosure vulnerability because of a flaw in the interaction between JavaScript and XML processing in Internet Explorer. To exploit this issue, an...
CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...
CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...
UBUNTU-CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...
CVE-2014-2946
Cross-site request forgery CSRF vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request...
CVE-2014-2946
CVE-2014-2946 is a CSRF vulnerability in the Huawei E303 Web UI, affecting api/sms/send-sms. The issue affects Web UI version 11.010.06.01.858 on software 22.157.18.00.858 and allows an attacker to hijack administrator authentication to perform API operations, including sending SMS messages via c...
MobileIron VSP / Sentry Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Matta Consulting - Matta Advisory https://www.trustmatta.com MobileIron Multiple Products Authentication Bypass Vulnerability Advisory ID: MATTA-2013-004 CVE reference: CVE-2014-1409, CVE-2013-7286 Affected platforms: VSP and Sentry Version: VSP...
Xxe
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External...
CVE-2013-7332
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity...
Xxe
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or .tld XML document containing an external entity declaration ...
Design/Logic Flaw
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity...
Xxe
The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
CVE-2013-0340
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XMLSetEntityDeclHandler function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers, or read arbitrary files via a...
CVE-2013-0340
CVE-2013-0340 concerns the expat XML parser. The issue arises from improper handling of XML entity expansion (XXE) unless an application enables XML_SetEntityDeclHandler. This can allow a remote attacker to cause denial of service (resource consumption), trigger requests to intranet endpoints, or...
CVE-2013-0340
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XMLSetEntityDeclHandler function, which allows remote attackers to cause a denial of service resource consumption, send HTTP requests to intranet servers, or read arbitrary files via a...
Mandriva Linux Security Advisory : librsvg (MDVSA-2014:009)
Updated librsvg and gtk+3.0 packages fix security vulnerability : librsvg before version 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference CVE-2013-1881. For Business Server 1 gtk+3.0 has be...