CVE-2007-0099

CVE-2007-0099 describes a race-condition in Microsoft XML Core Services 3.0 (MSXML3) used by Internet Explorer 6 and other apps. The flaw can be triggered by many nested XML tags in an IFRAME when synchronous rendering is disrupted by asynchronous events (e.g., JavaScript timers), leading to NULL...

CVE-2006-3117

Heap-based buffer overflow in OpenOffice.org aka StarOffice 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by 1 Calc, 2 Draw, 3 Impress, 4 Math, or 5 Writer, aka "File Format /...

CVE-2006-3117

Heap-based buffer overflow in OpenOffice.org aka StarOffice 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by 1 Calc, 2 Draw, 3 Impress, 4 Math, or 5 Writer, aka "File Format /...

CVE-2006-3117

Heap-based buffer overflow in OpenOffice.org aka StarOffice 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by 1 Calc, 2 Draw, 3 Impress, 4 Math, or 5 Writer, aka "File Format /...

CVE-2006-0700

imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions...

Design/Logic Flaw

imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions...

CVE-2006-0700

The CVE-2006-0700 entry concerns imageVue 16.1, where a remote attacker can retrieve folder permission settings by directly requesting dir.php, which returns an XML listing folders and their permissions. Affected component: dir.php handler in imageVue 16.1 (XML response reveals folder permissions...

CVE-2006-0700

imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions...

GLSA-200508-13 : PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability

The remote host is affected by the vulnerability described in GLSA-200508-13 PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability Stefan Esser of the Hardened-PHP Project discovered that the PEAR XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC requests and responses wit...

PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability

Background The PEAR XML-RPC and phpxmlrpc libraries are both PHP implementations of the XML-RPC protocol. Description James Bercegay of GulfTech Security Research discovered that the PEAR XML-RPC and phpxmlrpc libraries fail to sanatize input sent using the "POST" method. Impact A remote attacker...

Xerces-C++ DoS

Malcrafted XML document causes 100 CPU ussage for few minutes...

Sun Java 1.x - XML Document Nested Entity Denial of Service

source: https://www.securityfocus.com/bid/8666/info A problem has been identified in Sun Java when handling XML documents with specific constructs. Because of this, an attacker with the ability to cause the software to parse malicious XML documents may have the ability to crash a system hosting S...

Sun Java 1.x - XML Document Nested Entity Denial of Service

Sun Java 1.x - XML Document Nested Entity Denial of Service source: https://www.securityfocus.com/bid/8666/info A problem has been identified in Sun Java when handling XML documents with specific constructs. Because of this, an attacker with the ability to cause the software to parse malicious XM...