
2720 matches found

Atlassian
added 2017/02/13 4:43 a.m., 97 views

Multiple Vulnerabilities in JIRA Workflow Servlet

||Affected Versions|| |4.2.4 = version 6.3.0| An anonymous user can perform multiple attacks on a vulnerable JIRA instance that could cause remote code execution, the disclosure of private files or execute a denial of service attack against the JIRA server. This vulnerability is caused by the way...

CVSS 9.8, AI score 4.6, EPSS 0.04301
Exploits 1, Affected Software 1

Atlassian
added 2017/02/13 4:43 a.m., 31 views

Multiple Vulnerabilities in JIRA Workflow Servlet

||Affected Versions|| |4.2.4 = version 6.3.0| An anonymous user can perform multiple attacks on a vulnerable JIRA instance that could cause remote code execution, the disclosure of private files or execute a denial of service attack against the JIRA server. This vulnerability is caused by the way...

CVSS 9.8, AI score 9.1, EPSS 0.04301
Exploits 1

Tenable Nessus
added 2017/02/13 12:0 a.m., 35 views

Apache Solr < 5.0 Multiple XXE

Binary data 9943.prm...

CVSS 7.5, AI score 6.7, EPSS 0.11391
Exploits 0, References 4

Packet Storm
added 2017/02/13 12:0 a.m., 42 views

Cimetrics BACnet Explorer 4.0 XXE Injection

Cimetrics BACnet Explorer 4.0 XXE Vulnerability Vendor: Cimetrics, Inc. Product web page: https://www.cimetrics.com Affected version: 4.0.0.0 Summary: The BACnet Explorer is a BACnet client application that helps auto discover BACnet devices. Desc: BACnetExplorer suffers from an XML External Enti...

AI score 7.4
Exploits 0

Tenable Nessus
added 2017/02/09 12:0 a.m., 280 views

SUSE SLED12 / SLES12 Security Update : expat (SUSE-SU-2017:0424-1)

This update for expat fixes the following security issues: - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the sran...

CVSS 7.8, AI score 6.8, EPSS 0.02202
Exploits 0, References 8

Tenable Nessus
added 2017/02/08 12:0 a.m., 81 views

SUSE SLES11 Security Update : expat (SUSE-SU-2017:0415-1)

This update for expat fixes the following security issues: - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the sran...

CVSS 7.8, AI score 6.8, EPSS 0.02202
Exploits 0, References 9

NVD
added 2017/02/01 8:59 p.m., 14 views

CVE-2016-2908

IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service...

CVSS 9.1, AI score 9.1, EPSS 0.00949
Exploits 0, References 3

Prion
added 2017/02/01 8:59 p.m., 12 views

Xxe

IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service...

CVSS 6.4, AI score 7.3, EPSS 0.00949
Exploits 0, References 3, Affected Software 3

Cvelist
added 2017/02/01 8:0 p.m., 18 views

CVE-2016-2908

IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service...

AI score 9.1, EPSS 0.00949
Exploits 0, References 3

Veracode
added 2017/02/01 3:14 a.m., 37 views

Denial Of Service (DoS) Or Arbitrary Code Execution

expat is vulnerable to denial of service (DoS) or arbitrary code execution attacks. When users input malformed document, expat XML parser mishandles the input which causes a buffer overflow during the processing and error reporting. This leading to a denial of service and conceivably result in remo...

CVSS 9.8, AI score 8.4, EPSS 0.02827
Exploits 3, References 32, Affected Software 2

RedhatCVE
added 2017/01/02 3:47 p.m., 29 views

CVE-2016-10040

A stack overflow flaw was found in the way Qt parsed XML input with several nested opening tags. An application using Qt's QXmlSimpleReader to parse specially crafted XML input could crash...

CVSS 5.5, AI score 3.5, EPSS 0.00617
Exploits 1, References 2

Gentoo Linux
added 2016/12/24 12:0 a.m., 58 views

Xerces-C++: Multiple vulnerabilities

Background: Xerces-C++ is a validating XML parser written in a portable subset of C++. Description: Multiple vulnerabilities have been discovered in Xerces-C++. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could entice a user to process a specially crafte...

CVSS 10, AI score 10, EPSS 0.23016
Exploits 0

RedHat Linux
added 2016/12/15 10:11 p.m., 2 views

libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a...

CVSS 7.8, AI score 7.8, EPSS 0.01589
Exploits 1, References 4

RedHat Linux
added 2016/12/15 10:11 p.m., 4 views

libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document...

CVSS 5.5, AI score 7.4, EPSS 0.03485
Exploits 2, References 4

Tenable Nessus
added 2016/12/15 12:0 a.m., 28 views

Adobe Digital Editions < 4.5.3 Multiple Information Disclosure Vulnerabilities (APSB16-45) (macOS)

The version of Adobe Digital Editions installed on the remote macOS or Mac OS X host is prior to 4.5.3. It is, therefore, affected by multiple information disclosure vulnerabilities : - An information disclosure vulnerability exists that allows an unauthenticated, remote attacker to disclose memo...

CVSS 7.5, AI score 6.8, EPSS 0.02002
Exploits 0, References 4

Tenable Nessus
added 2016/12/09 12:0 a.m., 214 views

VMware vSphere Client XXE Injection Information Disclosure (VMSA-2016-0022)

The version of vSphere Client installed on the remote Windows host is affected by an information disclosure vulnerability due to an incorrectly configured XML parser accepting XML external entities (XXE) from an untrusted source. An unauthenticated, remote attacker can exploit this issue to disclos...

CVSS 5.8, AI score 6.8, EPSS 0.00449
Exploits 0, References 2

0day.today
added 2016/12/04 12:0 a.m., 39 views

Microsoft Authorization Manager azman XML External Entity Vulnerability

Exploit for windows platform in category local exploits. Credits: John Page aka hyp3rlinx. Vendor: www.microsoft.com. Product: Microsoft Authorization Manager v6.1.7601. The Authorization Manager allows you to set role-based permissions for...

AI score 7.2
Exploits 0

Tenable Nessus
added 2016/12/02 12:0 a.m., 170 views

VMware vCenter Server 5.5.x < 5.5u3e / 6.0.x < 6.0u2a Multiple XXE Vulnerabilities (VMSA-2016-0022)

The version of VMware vCenter Server installed on the remote host is 5.5.x prior to 5.5u3e or 6.0.x prior to 6.0u2a. It is, therefore, affected by multiple XML external entity (XXE) vulnerabilities: - Multiple XML external entity (XXE) vulnerabilities exist in the Log Browser, the Distributed Switch...

CVSS 9.1, AI score 8.3, EPSS 0.02008
Exploits 0, References 3

NVD
added 2016/11/25 8:59 p.m., 15 views

CVE-2016-0319

The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity...

CVSS 7.5, AI score 7.3, EPSS 0.00547
Exploits 0, References 2

Prion
added 2016/11/25 8:59 p.m., 15 views

Xxe

The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity...

CVSS 5, AI score 6.8, EPSS 0.00547
Exploits 0, References 2, Affected Software 1