CVE-2016-0319
The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity...
CVE-2016-0319
CVE-2016-0319 affects IBM Jazz Reporting Service (LQE) bundled with Jazz Reporting Service versions 6.0 and 6.0.1. The issue arises in the XML parser when processing XML data: an external entity declaration together with an entity reference enables a local authenticated administrator to read arbi...
CVE-2016-0284
The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Ration...
CVE-2016-0284
The CVE-2016-0284 entry relates to an XML External Entity (XXE) vulnerability in the XML parser used by IBM Jazz-based CLM products. Affected products include Rational Collaborative Lifecycle Management (across 3.0.1.6 up to 6.0.2), Rational Quality Manager, Rational Team Concert, Rational DOORS ...
F5 BIG-IP - Expat XML library vulnerability CVE-2016-5300
F5 BIG-IP is prone to a vulnerability in the Expat XML library. This VT has been deprecated as a duplicate of the VT...
IBM WebSphere Application Server 8.0 < 8.0.0.11 Multiple Vulnerabilities (FREAK)
RSA Enterprise Compromise Assessment Tool 4.1.0.1 - XML External Entity Injection
RSA Enterprise Compromise Assessment Tool 4.1.0.1 - XML External Entity Injection SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XML External Entity Injection (XXE) product: RSA Enterprise Compromise Assessment Tool (ECA...
Adobe ColdFusion < 11 Update 10 - XML external entity injection
Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - APSB16-30 - Release date: 31.08.2016 I. VULNERABILITY Adobe ColdFusion <= 11 XML External Entity (XXE) Injection II. BACKGROUND "Adobe ColdFusion 11 Enterprise Edition offers a single platform to rapidly build and...
Adobe ColdFusion < 11 Update 10 - XML External Entity Injection
Exploit for php platform in category web applications ''' ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-4264 - APSB16-30 - Release date: 31.08.2016 - Severity: Critical...
Adobe ColdFusion 11 Update 10 - XML External Entity Injection
Adobe ColdFusion 11 Update 10 - XML External Entity Injection ''' ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-4264 - APSB16-30 - Release date: 31.08.2016 - Severity: Critical...
SOL65460334 - Expat XML parser vulnerability CVE-2012-6702
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
openSUSE Security Update : xerces-c (openSUSE-2016-1046)
xerces-c was updated to fix one security issue. This security issue was fixed : - CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ did not properly handle exceptions raised in the XMLReader class, which allowed context-dependent attackers to have...
SUSE SLED12 / SLES12 Security Update : xerces-c (SUSE-SU-2016:2154-1)
xerces-c was updated to fix one security issue. This security issue was fixed : - CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ did not properly handle exceptions raised in the XMLReader class, which allowed context-dependent attackers to have...
Adobe ColdFusion XML External Entity (XXE) Injection Information Disclosure (APSB16-30)
The version of Adobe ColdFusion running on the remote Windows host is missing a security hotfix. It is, therefore, affected by an XML External Entity (XXE) injection vulnerability due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. An unauthenticate...
SUSE-SU-2016:2154-1 Security update for xerces-c
xerces-c was updated to fix one security issue. This security issue was fixed: - CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ did not properly handle exceptions raised in the XMLReader class, which allowed context-dependent attackers to have...
WSO2 Identity Server 5.1.0 - Multiple Vulnerabilities
Exploit for jsp platform in category web applications + Credits: John Page aka HYP3RLINX Vendor: ============= www.wso2.com Product: ============================ Wso2 Identity Server v5.1.0 As the industry’s first enterprise identity bus (EIB), WSO2 Identity Server is the central backbone that...
WSO2 Identity Server 5.1.0 - Multiple Vulnerabilities
WSO2 Identity Server 5.1.0 - Multiple Vulnerabilities + Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt + ISR: ApparitionSec Vendor: ============= www.wso2.com Product:...
SonicWALL Global Management System (GMS) / Analyzer GMC Service XML External Entity (XXE) Injection
The SonicWALL Global Management System (GMS) / Analyzer running on the remote host is affected by an XML external entity (XXE) injection vulnerability in the GMC service due to an incorrectly configured XML parser accepting XML entities from an untrusted source. An unauthenticated, remote attacker ca...
FreeBSD : xercesi-c3 -- multiple vulnerabilities (cb09a7aa-5344-11e6-a7bd-14dae9d210b8)
Apache reports : The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker. Also, CVE-2016-2099: Use-after-free vulnerability in...
OpenJDK: maximum XML name limit not applied to namespace URIs (JAXP, 8148872)
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508...