2720 matches found
CVE-2009-1955
CVE-2009-1955 affects the Expat XML parser used by the apr_xml_* interface in xml/apr_xml.c of APR-util, with the vulnerability present in APR-util prior to 1.3.7. In Apache HTTP Server deployments that enable mod_dav and mod_dav_svn, a crafted XML document containing a large number of nested en...
CVE-2009-1955
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nest...
Code injection
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted...
CVE-2009-0783
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted...
CVE-2009-0783
CVE-2009-0783 affects multiple Apache Tomcat lines (4.1.0–4.1.39, 5.5.0–5.5.27, 6.0.0–6.0.18). The issue allows a local attacker to replace the XML parser used by web applications, enabling reading or modification of other applications’ files such as (1) web.xml, (2) context.xml, or (3) tld files...
CVE-2009-0783
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted...
[SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-0783: Apache Tomcat information disclosure vulnerability Severity: low Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.0 to 6.0.18 Tomcat 5.5.0 to 5.5.27 Tomcat 4.1.0 to 4.1.39 The unsupported Tomcat 3.x, 4.0.x and 5.0.x...
CVE-2009-0783
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted...
CentOS 3 / 4 / 5 : libxml2 (CESA-2008:0988)
Updated libxml2 packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. libxml2 is a library for parsing and manipulating XML files. It includes support...
Mandriva Linux Security Advisory : libxml2 (MDVSA-2008:231)
Drew Yao of the Apple Product Security Team found two flaws in libxml2. The first is a denial of service flaw in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it could cause the application to enter an infinite loop (CVE-2008-4225). The seco...
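Apple Safari XML Parser Nested XML Tags Remote Denial of Service Vulnerability
BUGTRAQ ID: 34318 CNCAN ID:CNCAN-2009040101 Apple Safari is a popular web browser. Apple Safari has a flaw in its handling of XML tags that remote attackers can exploit to cause a denial of service against the application. Building a web page that contains nested XML tags and enticing Apple Safari to parse it can crash the application. Apple Safari 3.2.2 for Windows Apple Safari 4 Beta Apple Safari 3.2 No solution is currently available: http://www.apple.com/ Author : Ahmed Obied...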
Buffer overflow
Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DTD file...
CVE-2008-6563
Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DTD file...
CVE-2008-6563
Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DTD file...
CVE-2008-6563
CVE-2008-6563 describes a buffer overflow in the XML parser of Trillian, affected as of version 3.1.9.0 (and possibly earlier). A crafted DTD file can be used by a remote attacker to cause a crash and potentially execute arbitrary code. Public references consistently name Trillian Buffer Overflow...
Mozilla Firefox 3.0.x - XML Parser Memory Corruption Denial of Service (PoC)
Mozilla Firefox 3.0.x - XML Parser Memory Corruption Denial of Service PoC Firefox memory corruption PoC/DoS in XUL XML parser https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/8306.rar 2009-Firefox-XUL-0day-PoC.rar milw0rm.com 2009-03-30...
Mozilla Firefox 3.0.x - XML Parser Memory Corruption / Denial of Service (PoC)
Firefox memory corruption PoC/DoS in XUL XML parser https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/8306.rar 2009-Firefox-XUL-0day-PoC.rar milw0rm.com 2009-03-30...
Firefox 3.0.x (XML Parser) Memory Corruption / DoS PoC
Exploit for unknown platform in category dos / poc ====================================================== Firefox 3.0.x XML Parser Memory Corruption / DoS PoC ====================================================== Firefox memory corruption PoC/DoS in XUL XML parser...
GLSA-200903-19 : Xerces-C++: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200903-19 (Xerces-C++: Denial of Service). Frank Rast reported that the XML parser in Xerces-C++ does not correctly handle an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during the...
Xerces-C++: Denial of service
Background Xerces-C++ is a validating XML parser written in a portable subset of C++. Description Frank Rast reported that the XML parser in Xerces-C++ does not correctly handle an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during the validatio...