expat: buffer over-read and crash on XML with malformed UTF-8 sequences

The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a buffer over-read,...

Novell File Reporter Agent XML Parser Buffer Overflow

Added: 05/16/2011 CVE: CVE-2011-0994 BID: 47144 OSVDB: 71980 Background Novell File Reporter is software that allows network administrators to identify files stored on the network and generates reports regarding the size of individual files, file type, when files were last accessed, and where...

Novell File Reporter Agent XML Parser Buffer Overflow

Added: 05/16/2011 CVE: CVE-2011-0994 BID: 47144 OSVDB: 71980 Background Novell File Reporter is software that allows network administrators to identify files stored on the network and generates reports regarding the size of individual files, file type, when files were last accessed, and where...

Novell File Reporter Agent XML Parser Buffer Overflow

Added: 05/16/2011 CVE: CVE-2011-0994 BID: 47144 OSVDB: 71980 Background Novell File Reporter is software that allows network administrators to identify files stored on the network and generates reports regarding the size of individual files, file type, when files were last accessed, and where...

expat: buffer over-read and crash on XML with malformed UTF-8 sequences

The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a buffer over-read,...

CVE-2010-3322

The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity XXE attack to unknown vectors...

Xxe

The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity XXE attack to unknown vectors...

CVE-2010-3322

The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity XXE attack to unknown vectors...

CVE-2010-3322

Summary: CVE-2010-3322 affects Splunk 4.0.0–4.1.4 due to an XML External Entity (XXE) flaw in the XML parser. Remote authenticated users could obtain sensitive information and gain privileges via XXE. Details in connected documents confirm the affected software and the underlying cause, but no ex...

Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)

Check for the Version of tomcat5 OpenVAS Vulnerability Test Mandriva Update for tomcat5 MDVSA-2010:176 tomcat5 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5)

Check for the Version of tomcat5 OpenVAS Vulnerability Test Mandriva Update for tomcat5 MDVSA-2010:176 tomcat5 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

apr-util billion laughs attack

The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...

Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities

, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Multiple Adobe Products XML External Entity And XML Injection Vulnerabilities CVE: CVE-2009-3960 Adobe PSIRT: APSB10-05 -...

Debian DSA-1984-1 : libxerces2-java - denial of service

It was discovered that libxerces2-java, a validating XML parser for Java, does not properly process malformed XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

[SECURITY] [DSA 1984-1] New libxerces2-java packages fix denial of service

------------------------------------------------------------------------ Debian Security Advisory DSA-1984-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano January 30, 2010 http://www.debian.org/security/faq -...

Firefox version 3.6 XML parser memory corruption proof of concept denial of service exploit

No description provided by source. Firefox version 3.6 XML parser memory corruption proof of concept denial of service exploit http://paper.sebug.net/2010-exploits/1001-exploits/Firefox-Po20100124.rar...

DSA-1984-1 libxerces2-java - denial of service

Bulletin has no description...

Mozilla Firefox 3.6 - XML Parser Memory Corruption (PoC) / Denial of Service

Firefox 3.6XML parsermemory corruption PoC/Dos by d3b4g From tiny islands of maldivies Tested: version 3.6 Tested on windows XP SP3 20-01-2010 This same bug was in early version of firfox,found by Wojciech Pawlikowski This is just a update. This vulnerability cause a denial of service memory...

Opera 10.10 - XML Parser Denial of Service (PoC)

From tiny islands of maldivies d3b4g.info Tested: version 10.10 Tested on windows XP SP3 20-01-2010 special thanks to peter Van Eeckhoutte after opening the opera.html broswer hang for a while and crush.same bug in firefox too :d This vulnerability cause a denial of service memory corruption via ...

Firefox 3.6 (XML parser) Memory Corruption PoC/DoS

Exploit for unknown platform in category dos / poc ================================================== Firefox 3.6 XML parser Memory Corruption PoC/DoS ================================================== Firefox 3.6XML parsermemory corruption PoC/Dos by d3b4g From tiny islands of maldivies Tested:...