2720 matches found

securityvulns
added 2015/06/29 12:0 a.m. | 59 views

[ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE

ERPSCAN Research Advisory ERPSCAN-15-004 SAP NetWeaver Portal XMLValidationComponent - XXE Application: SAP NetWeaver Portal 7.31 Versions Affected: SAP NetWeaver Portal 7.31, probably others Vendor URL: http://SAP.com Bugs: XML eXternal Entity Sent: 06.11.2014 Reported: 06.11.2014 Vendor respons...

5 CVSS | 6.7 AI score | 0.0057 EPSS
Exploits 0

Tenable Nessus
added 2015/06/26 12:0 a.m. | 41 views

Ubuntu 14.04 LTS : Tomcat vulnerabilities (USN-2654-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2654-1 advisory. It was discovered that the Tomcat XML parser incorrectly handled XML External Entities XXE. A remote attacker could possibly use this issue to read...

7.8 CVSS | 7 AI score | 0.69385 EPSS
Exploits 0 | References 5

OSV
added 2015/06/08 9:17 p.m. | 3 views

MGASA-2015-0242 Updated jackrabbit packages fix CVE-2015-1833

Updated jackrabbit packages fix security vulnerability: In Apache Jackrabbit before 2.4.6, When processing a WebDAV request body containing XML, the XML parser can be instructed to read content from network resources accessible to the host, identified by URI schemes such as "https" or "file"...

6.4 CVSS | 6.1 AI score | 0.31034 EPSS
Exploits 6 | References 4

securityvulns
added 2015/06/08 12:0 a.m. | 88 views

CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)

Dear readers, we just fixed a recently reported vulnerability in Apache Jackrabbit's WebDAV module; see - the attached CVE report - patches for all currently maintained Jackrabbit branches We just released Jackrabbit 2.10.1 see below and we'll get to the other branches shortly. Check the CVE for...

6.4 CVSS | 0.1 AI score | 0.31034 EPSS
Exploits 6

0day.today
added 2015/05/27 12:0 a.m. | 154 views

Apache Jackrabbit WebDAV XXE Exploit

Exploit for java platform in category web applications !/usr/bin/env python """ Exploit Title: Jackrabbit WebDAV XXE Date: 25-05-2015 Software Link: http://jackrabbit.apache.org/jcr/ Exploit Author: Mikhail Egorov Contact: 0ang3el gmail com Website: http://0ang3el.blogspot.com CVE: CVE-2015-1833...

6.4 CVSS | 0.1 AI score | 0.31034 EPSS
Exploits 6

NVD
added 2015/05/25 12:59 a.m. | 17 views

CVE-2015-1909

The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management MDM 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain administrative access, via an external entity...

5 CVSS | 6.6 AI score | 0.00293 EPSS
Exploits 0 | References 1

Prion
added 2015/05/25 12:59 a.m. | 11 views

Xxe

The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management MDM 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain administrative access, via an external entity...

5 CVSS | 7.1 AI score | 0.00293 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2015/05/25 12:0 a.m. | 40 views

CVE-2015-1909

IBM InfoSphere MDM Reference Data Management is vulnerable to an XML External Entity (XXE) attack due to a weakly configured XML parser. Affected are the Reference Data Management server components for versions: 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2. Exploitation could allow...

5 CVSS | 6.7 AI score | 0.00293 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2015/05/25 12:0 a.m. | 16 views

CVE-2015-1909

The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management MDM 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain administrative access, via an external entity...

6.6 AI score | 0.00293 EPSS
Exploits 0 | References 1

OpenVAS
added 2015/05/21 12:0 a.m. | 38 views

Mozilla Firefox Multiple Vulnerabilities-01 (May 2015) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

10 CVSS | 9.1 AI score | 0.07609 EPSS
Exploits 6 | References 5

RedHat Linux
added 2015/05/18 9:3 a.m. | 3 views

expat: Integer overflow leading to buffer overflow in XML_GetBuffer()

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283...

7.5 CVSS | 7.4 AI score | 0.05614 EPSS
Exploits 0 | References 5

NVD
added 2015/05/14 10:59 a.m. | 23 views

CVE-2015-2716

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283...

7.5 CVSS | 9.5 AI score | 0.05614 EPSS
Exploits 0 | References 20

Prion
added 2015/05/14 10:59 a.m. | 21 views

Buffer overflow

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283...

7.5 CVSS | 8.5 AI score | 0.05614 EPSS
Exploits 0 | References 20 | Affected Software 8

Cvelist
added 2015/05/14 10:0 a.m. | 28 views

CVE-2015-2716

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283...

9.7 AI score | 0.05614 EPSS
Exploits 0 | References 20

CVE
added 2015/05/14 10:0 a.m. | 455 views

CVE-2015-2716

CVE-2015-2716 is an Expat XML parser vulnerability described as an integer overflow that leads to a buffer overflow when processing large compressed XML data. Public advisories (ALAS-2020-1364, CESA-2020:1011) link this to expat, indicating a security update is required (update expat) to mitigate...

7.5 CVSS | 8.6 AI score | 0.05614 EPSS
Exploits 0 | References 20 | Affected Software 1

UbuntuCve
added 2015/05/13 12:0 a.m. | 31 views

CVE-2015-2716

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283...

7.5 CVSS | 7.3 AI score | 0.05614 EPSS
Exploits 0 | References 4

OSV
added 2015/05/13 12:0 a.m. | 1 views

UBUNTU-CVE-2015-2716

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283...

7.5 CVSS | 7.3 AI score | 0.05614 EPSS
Exploits 0 | References 5

RedHat Linux
added 2015/05/12 6:49 p.m. | 1 views

expat: Integer overflow leading to buffer overflow in XML_GetBuffer()

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283...

7.5 CVSS | 7.4 AI score | 0.05614 EPSS
Exploits 0 | References 5

Packet Storm
added 2015/05/05 12:0 a.m. | 38 views

Apache Xerces-C XML Parser Denial Of Service

Exploit Title: Apache Xerces-C XML Parser file.xml $ DOMPrint ./file.xml Ubuntu 15.04 libxerces-c3.1 package Segmentation fault $ ./DOMPrint ./file.xml ASAN Enabled build ================================================================= ==6831==ERROR: AddressSanitizer: heap-buffer-overflow on...

5 CVSS | 9.6 AI score | 0.25211 EPSS
Exploits 4

0day.today
added 2015/05/05 12:0 a.m. | 55 views

Apache Xerces-C XML Parser < 3.1.2 - DoS POC

Exploit for linux platform in category dos / poc Exploit Title: Apache Xerces-C XML Parser file.xml $ DOMPrint ./file.xml Ubuntu 15.04 libxerces-c3.1 package Segmentation fault $ ./DOMPrint ./file.xml ASAN Enabled build =================================================================...

5 CVSS | 9.6 AI score | 0.25211 EPSS
Exploits 4