XXE
An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser with improper restriction of XML external entity reference, or XXE may allow an attacker to enter malicious input through the...
CVE-2017-7907
An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser with improper restriction of XML external entity reference, or XXE may allow an attacker to enter malicious input through the...
CVE-2017-7907
CVE-2017-7907 concerns an XML External Entity (XXE) handling flaw in Schneider Electric Wonderware Historian Client (2014 R2 SP1 and earlier). The vulnerability stems from an improperly restricted XML parser, enabling a local attacker to feed malicious input through the affected application, pote...
Fedora 24 : libplist (2017-3849af4477)
Version 2.0.0 Changes : - New light-weight custom XML parser - Remove libxml2 dependency - Refactor binary plist parsing - Improved malformed XML and binary plist detection and error handling - Add parser debug/error output when compiled with --enable-debug, controlled via environment variables -...
Atlassian JIRA 4.2.4 < 6.3.0 Multiple Vulnerabilities
According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is 4.2.4 or later but prior to 6.3.0. It is, therefore, affected by multiple vulnerabilities in the JIRA Workflow Designer plugin : - A remote code execution vulnerability exists in the...
Fedora 25 : libplist (2017-4047180cd3)
Version 2.0.0 Changes : - New light-weight custom XML parser - Remove libxml2 dependency - Refactor binary plist parsing - Improved malformed XML and binary plist detection and error handling - Add parser debug/error output when compiled with --enable-debug, controlled via environment variables -...
Schneider Electric Wonderware Historian Client
CVSS v3 6.6 ATTENTION: Low skill level to exploit. Vendor: Schneider Electric Equipment: Wonderware Historian Client Vulnerability: Improper XML Parser Configuration AFFECTED PRODUCTS The following versions of Wonderware Historian Client, an analysis and reporting software, are affected: Wonderwa...
EulerOS 2.0 SP1 : xerces-c (EulerOS-SA-2016-1004)
According to the version of the xerces-c package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an applicati...
CVE-2017-5969
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service NULL pointer dereference via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML...
CVE-2017-5983
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object...
Code injection
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object...
CVE-2017-5983
The vulnerability CVE-2017-5983 affects Atlassian JIRA Server versions 4.2.4–6.3.0 via the JIRA Workflow Designer plugin. It stems from improper XML parsing/deserialization of AMF3 data, allowing unauthenticated remote code execution, file reading, or DoS through crafted serialized Java objects. ...
Atlassian JIRA 6.x < 6.3 Multiple Vulnerabilities
Binary data 700002.prm...
openSUSE Security Update : expat (openSUSE-2017-260)
This update for expat fixes the following security issues : - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the sran...
XML External Entity (XXE)
jooq is vulnerable to XML external entity attacks. It is possible because XMLasDOMBinding does not prevent the resolution of external entity references, allowing the attackers to submit malicious XML to the XML parser and gain access to information about an internal network, local file system, or...
CVE-2016-8348
An XML External Entity XXE issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or...
Multiple Vulnerabilities in JIRA Workflow Servlet
||Affected Versions|| |4.2.4 <= version < 6.3.0| An anonymous user can perform multiple attacks on a vulnerable JIRA instance that could cause remote code execution, the disclosure of private files or execute a denial of service attack against the JIRA server. This vulnerability is caused by the way...