2720 matches found
Critical: php
Issue Overview: A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly,...
Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2012-0729)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0729 advisory. 1:1.6.0.0-1.48.1.11.3 - Access gnome bridge jar is forced to have 644 permissions - Resolves: rhbz828751 1:1.6.0.0-1.47.1.11.3 - Modified patch3,...
Oracle Linux 5 : PyXML (ELSA-2010-0002)
The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2010-0002 advisory. 0.8.4-4.2 - Use system expat library Resolves: 531852 0.8.4-4.1 - Fix buffer over read Resolves: 531852 Tenable has extracted the preceding description block...
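Apache CXF Multiple Remote Denial of Service Vulnerabilities (CVE-2013-2160)
BUGTRAQ ID: 61030 CVE(CAN) ID: CVE-2013-2160 Apache CXF is an open-source services framework for building and developing services using front-end programming APIs such as JAX-WS and JAX-RS. Apache CXF 2.5.10, 2.6.7, 2.7.4 contain multiple remote denial of service vulnerabilities: the streaming XML parser does not limit the number of elements, the number of attributes, the nesting structure of received documents, and so on, and an attacker can exploit these vulnerabilities to crash the application, resulting in a denial of service. 0 Apache Group CXF = 2.5.10 Apache Group CXF 2.7.4 Apache Group CXF 2.6.7 Vendor patch: Apache Group...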
DEBIAN-CVE-2013-2877
parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state...
Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
Exploit for multiple platform in category dos / poc ======================================================================= title: Denial of service vulnerability product: Apache CXF vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 fixed version: Apache CXF 2.5.10, 2.6.7 and 2.7.4...
PHP5 -- Heap corruption in XML parser
The PHP development team reports: ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the...
Apache CXF Denial of Service Vulnerabilities Patched
The Apache Software Foundation has patched a denial of service vulnerability in the XML parser of the Apache CXF Web services framework. Researchers, Andreas Falkenberg from Sec Consult Vulnerability Labs, and Christian Mainka, Juraj Somorovsky, and Joerg Schwenk from Ruhr-University Bochum,...
Apache CXF < 2.5.10/2.6.7/2.7.4 - Denial of Service
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Denial of service vulnerability product: Apache CXF vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 fixed version: Apache CXF 2.5.10, 2.6.7 and 2.7.4...
Atlassian Crowd Xml eXternal Entity (XXE) Injection Vulnerability
This host is running Atlassian Crowd and is prone to xml external entity injection vulnerability. OpenVAS Vulnerability Test $Id: gbatlassiancrowdxxeinjvuln.nasl 5842 2017-04-03 13:15:19Z cfi $ Atlassian Crowd Xml eXternal Entity XXE Injection Vulnerability Authors: Thanga Prakash S Copyright:...
ModSecurity < 2.7.3 XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
According to its banner, the version of ModSecurity installed on the remote host is earlier than 2.7.3. It is, therefore, potentially affected by a file disclosure vulnerability. An improperly configured XML parser could allow untrusted XML entities from external sources to be accepted, thus...
CVE-2009-5135
The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
CVE-2009-5135
The Echo Java XML parser has an XXE vulnerability: versions before 2.1.1 and 3.x before 3.0.b6 allow remote attackers to read arbitrary files via an external entity declaration combined with an entity reference. Remediation: upgrade to Echo 2.1.1+ or 3.0.b6+.
Google Chrome < 18.0.1025.168 Multiple Vulnerabilities
Cisco Unified Presence XMPP Denial of Service Vulnerability
The XML parser of Cisco Unified Presence contains a vulnerability that could allow an authenticated, remote attacker to trigger a crash of the jabberd process, causing a denial of service condition. The vulnerability is due to insufficient validation of crafted XML in Extensible Messaging and...
CVE-2013-1197
The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912...
Code injection
The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912...
CVE-2013-1197
The CVE-2013-1197 issue affects Cisco Unified Presence (CUP): the server's XML parser in the jabberd process can be triggered by crafted XMPP messages by an authenticated remote attacker to cause a denial of service (jabberd daemon crash). The vulnerability is due to insufficient validation of XM...
Code injection
The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service (blocked connection) by leveraging an entry on a Buddy list and sending a crafted XMPP presence update message, aka Bug ID CSCue38383...