The vulnerability of the XML parser in the SAP NetWeaver software integration platform allows a hacker to read arbitrary files or cause service failures.
The vulnerability of the XML parser in the SAP NetWeaver software integration platform arises from an incorrect limitation on XML references to external objects. Exploiting this vulnerability allows a malicious actor, operating remotely, to read arbitrary files or cause service failures...
Design/Logic Flaw
An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...
CVE-2016-5795
This CVE (CVE-2016-5795) affects Automated Logic Corporation WebCTRL, Liebert SiteScan Web (6.5 and earlier), and Carrier i-Vu (6.5 and earlier). Root cause: improper XML parsing configuration allowing XML External Entity (XXE) processing to be exploited via a weakly configured XML parser, enabli...
OpenJDK: insecure XML parsing in wsdlimport (JAX-WS, 8182054)
It was discovered that the wsdlimport tool in the JAX-WS component of OpenJDK did not use secure XML parser settings when parsing WSDL XML documents. A specially crafted WSDL document could cause wsdlimport to use an excessive amount of CPU and memory, open connections to other hosts, or leak...
Apache Xerces-C++ Denial of Service Vulnerability
Apache Xerces is an XML syntax parser from the Apache Software Foundation. Apache Xerces-C++ is its C++ version. A security vulnerability exists in Apache Xerces-C++. A remote attacker can exploit this vulnerability by sending a specially crafted message to the XML service to cause a denial o...
DEBIAN-CVE-2017-9233
XML External Entity vulnerability in libexpat 2.2.0 and earlier Expat XML Parser Library allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD...
CVE-2017-9233
CVE-2017-9233: XML External Entity DoS in libexpat 2.2.0 and earlier via malformed external entity in an external DTD. Affected: libexpat (Expat XML Parser Library). Impact: parser denial-of-service (infinite loop). Remediation: update to libexpat 2.2.1 (fixes addressed in advisories). If impleme...
CVE-2017-9233
XML External Entity vulnerability in libexpat 2.2.0 and earlier Expat XML Parser Library allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD...
PSF-2017-7 Expat 2.2.1
XML External Entity vulnerability in libexpat 2.2.0 and earlier Expat XML Parser Library allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD...
Oracle Primavera Gateway Multiple Vulnerabilities (July 2017 CPU)
According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is prior to 14.2.3, 15.x prior to 15.2.12, or 16.x prior to 16.2.4. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability exist...
Unspecified Vulnerability in Oracle Java SE and Java SE Embedded (CNVD-2017-18571)
Oracle Java SE and Java SE Embedded are both products of Oracle Corporation. Java SE stands for Java Platform, Standard Edition; it is based on the JDK and JRE and is used for developing and deploying Java applications on desktops and servers as well as embedded devices and real-time environments. A security...
[SECURITY] Fedora 26 Update: expat-2.2.1-1.fc26
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...
X (Formerly Twitter): XXE on sms-be-vip.twitter.com in SXMP Processor
Hi team, What type of issue are you reporting? Does it align to a CWE or OWASP issue? I've identified an XXE vulnerability in the cloudhopper sxmp servlet on sms-be-vip.twitter.com which discloses local files to an external attacker and allows web requests to be sent. This aligns to...
[SECURITY] Fedora 25 Update: expat-2.2.1-1.fc25
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...
SRC-2017-0028 : Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Oracle Java SE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
CVE-2017-7907
An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser with improper restriction of XML external entity reference, or XXE may allow an attacker to enter malicious input through the...