2720 matches found
Apache Xerces-C XML Parser < 3.1.2 - Denial of Service (PoC)
Exploit Title: Apache Xerces-C XML Parser file.xml $ DOMPrint ./file.xml Ubuntu 15.04 libxerces-c3.1 package Segmentation fault $ ./DOMPrint ./file.xml ASAN Enabled build ================================================================= ==6831==ERROR: AddressSanitizer: heap-buffer-overflow on...
Apache Xerces-C XML Parser 3.1.2 - Denial of Service (PoC)
Apache Xerces-C XML Parser 3.1.2 - Denial of Service PoC Exploit Title: Apache Xerces-C XML Parser file.xml $ DOMPrint ./file.xml Ubuntu 15.04 libxerces-c3.1 package Segmentation fault $ ./DOMPrint ./file.xml ASAN Enabled build =================================================================...
Cisco ASA Software Multiple Vulnerabilities (cisco-sa-20150408-asa)
The remote Cisco Adaptive Security Appliance (ASA) is missing a vendor-supplied security patch and is therefore affected by the following vulnerabilities: - A flaw exists in the failover ipsec feature due to not properly handling failover communication messages. An unauthenticated attacker, sendin...
SAP NetWeaver 7.4 - XXE
Application: SAP NetWeaver Portal 7.4 Vendor URL: http://www.sap.com Bugs: XML eXternal Entity Reported: 16.04.2015 Vendor response: 17.04.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2168485 Authors: Roman Bezhan ERPScan VULNERABILITY INFORMATION Class: XML External Enti...
PT-2015-3363
Name of the Vulnerable Software and Affected Versions libxml2 affected versions not specified Description The issue is related to insufficient restriction of XML links to external objects in the libxml2 library's XML file parser. This can be exploited by a remote attacker using a specially crafte...
Design/Logic Flaw
The XML parser in Cisco Adaptive Security Appliance ASA Software 8.4 before 8.47.28, 8.6 before 8.61.17, 9.0 before 9.04.33, 9.1 before 9.16, 9.2 before 9.23.4, and 9.3 before 9.33, when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a...
CVE-2015-0677
The CVE-2015-0677 issue affects Cisco ASA Software: the XML parser in ASA web/VPN components can be triggered by a crafted XML document to cause a denial of service (VPN outage or device reload). Affected versions include ASA 8.4 up to 8.4(7.28), 8.6 up to 8.6(1.17), 9.0 up to 9.0(4.33), 9.1 up t...
CVE-2015-0677
The XML parser in Cisco Adaptive Security Appliance ASA Software 8.4 before 8.47.28, 8.6 before 8.61.17, 9.0 before 9.04.33, 9.1 before 9.16, 9.2 before 9.23.4, and 9.3 before 9.33, when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a...
Cisco ASA VPN XML Parser Denial of Service Vulnerability
The Cisco Adaptive Security Appliance (ASA) provides modules for security and VPN services. A vulnerability in the Cisco ASA Software XML parser stems from insufficient hardening of the XML parser configuration. It could be exploited b...
drchrono: XML Parser Bug: XXE over which leads to RCE
Hello security team, I have reported this issue on Feb 6, 2015 and I'm resubmitting it here again. I was able to do an XXE attack on your site and exposed the /etc/passwd file. Scenario: 1. Log in to the drchrono site. 2. Click on patients-patient. 3. Click on 'Update patient via C-CDA XML.' 4. Select the fi...
PT-2015-1057 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software versions 8.4 through 8.47.27 Cisco Adaptive Security Appliance ASA Software versions 8.6 through 8.61.16 Cisco Adaptive Security Appliance ASA Software versions 9.0 through 9.04.32 Cisco Adaptive...
[SECURITY] Fedora 20 Update: xerces-c-3.1.1-6.fc20
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...
[SECURITY] Fedora 20 Update: mingw-xerces-c-3.1.1-9.fc20
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...
[SECURITY] Fedora 21 Update: xerces-c-3.1.1-8.fc21
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...
Debian DLA-181-1 : xerces-c security update
Anton Rager and Jonathan Brossard from the Salesforce.com Product Security Team and Ben Laurie of Google discovered a denial of service vulnerability in xerces-c, a validating XML parser library for C++. The parser mishandles certain kinds of malformed input documents, resulting in a segmentation...
DLA-181-1 xerces-c - security update
Bulletin has no description...
[SECURITY] Fedora 22 Update: mingw-xerces-c-3.1.2-1.fc22
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...
Debian DLA-172-1 : libextlib-ruby security update
Import patches 633974b2759d9b92 and 4540e7102b803624 from upstream to remove symbol and YAML coercion from the XML parser. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format i...
Xerces-C++ XML Parsing Remote Denial of Service Vulnerability
Xerces is an open source XML document parsing project promoted by the Apache organization. A vulnerability in the processing of XML data in internal/XMLReader.cpp in Apache Xerces-C allows remote attackers to conduct denial-of-service attacks...
Debian DSA-3199-1 : xerces-c - security update
Anton Rager and Jonathan Brossard from the Salesforce.com Product Security Team and Ben Laurie of Google discovered a denial of service vulnerability in xerces-c, a validating XML parser library for C++. The parser mishandles certain kinds of malformed input documents, resulting in a segmentation...