2720 matches found
ownCloud: XXE at host vpn.owncloud.com
Improper XML parser configuration allows an attacker to read arbitrary files and make HTTP requests from the server side. An exploit example is listed below: POST /user/login HTTP/1.1 Host: 144.76.105.208 Accept: / Content-type: application/xml Accept-Language: en User-Agent: Mozilla/5.0 compatible; MSIE...
libxml2 Denial of Service Vulnerability (CNVD-2015-08376)
Libxml2 is a C library developed by the GNOME project for parsing XML documents. It supports a variety of encoding formats, XPath parsing, well-formedness and validity checking, and so on. A security vulnerability exists in the 'xmlSAX2TextNode' function in the SAX2.c file of t...
libxml2 Denial of Service Vulnerability (CNVD-2015-08400)
libxml2 is an XML parser and markup toolset. A denial of service vulnerability exists in versions of libxml2 prior to 2.9.3. An attacker is able to cause a denial of service via unspecified vectors regarding incorrect entity boundaries and start tags...
libxml2 heap buffer overflow vulnerability (CNVD-2015-08399)
libxml2 is an XML parser and markup toolset. A heap buffer overflow vulnerability exists in libxml2 versions prior to 2.9.3. An attacker is able to context-dependently obtain sensitive process memory information via unspecified vectors...
A vulnerability in the firmware of Cisco Adaptive Security Appliance allows an attacker to trigger a service failure.
The vulnerability in the XML parser of the firmware management interface of Cisco Adaptive Security Appliance network devices is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service failures using a specially crafted XML...
Cisco ASA Management Interface XML Parser DoS Vulnerability (cisco-sa-20151123-asa)
A vulnerability in the XML parser of the management interface of Cisco ASA may lead to a denial of service.
[SECURITY] [DLA 355-1] libxml2 security update
Package: libxml2; Version: 2.7.8.dfsg-2+squeeze15; CVE ID: CVE-2015-8241 CVE-2015-8317; Debian Bug: 806384. CVE-2015-8241: Buffer overread with XML parser in xmlNextChar. CVE-2015-8317: issues in the xmlParseXMLDecl function: If we fail converting the current input stream while processing the...
DLA-355-1 libxml2 - security update
Bulletin has no description...
Updated libxml2 packages fix security vulnerabilities
Updated libxml2 packages fix security vulnerabilities: In libxml2 before 2.9.3, in one case when dealing with entity expansion, it failed to exit, leading to a denial of service (CVE-2015-5312). In libxml2 before 2.9.3, it was possible to hit a negative offset in the name indexing used to...
Design/Logic Flaw
The XML parser in the management interface in Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote authenticated users to cause a denial of service (device crash) via a crafted XML document, aka Bug ID CSCut14223...
CVE-2015-6379
The XML parser in the management interface in Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote authenticated users to cause a denial of service (device crash) via a crafted XML document, aka Bug ID CSCut14223...
Cisco ASA Management Interface XML Parser Denial of Service Vulnerability
A vulnerability in the XML parser of the management interface in Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause system instability and possibly crash an affected system. The vulnerability is due to insufficient hardening of the XML parser cod...
PT-2015-2743 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software version 8.4. Description: The issue is related to the XML parser in the management interface, which can cause system instability and potentially crash the device when a crafted XML document is...
OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911...
openSUSE Security Update : miniupnpc (openSUSE-2015-789)
MiniUPnP was updated to fix one security issue. The following vulnerability was fixed: CVE-2015-6031: XML parser buffer overflow (boo#950759).
VMware Patches Pesky XXE Bug in Flex BlazeDS
VMware has patched an information disclosure vulnerability affecting a number of its products that use Flex BlazeDS. The original vulnerability was discovered and disclosed in August by Matthias Kaiser of Code White GmbH. Researchers there found an XML External Entity flaw in Apache Flex BlazeDS...
OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893...
Updated miniupnpc package fixes security vulnerability
An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this...
MGASA-2015-0416 Updated miniupnpc package fixes security vulnerability
An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigger this...