CVE-2008-4482

The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service stack consumption and crash via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file...

Design/Logic Flaw

The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service stack consumption and crash via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file...

CVE-2008-4482

Xerces-C++ vulnerability CVE-2008-4482: The XML parser (before 3.0.0) is exploitable via a crafted XML schema definition with a large maxOccurs value, causing excessive memory consumption during validation and leading to a denial of service (stack growth/crash). Affected component: Xerces-C++ XML...

CVE-2008-4482

The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service stack consumption and crash via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file...

FreeBSD Ports: jabber

The remote host is missing an update to the system as announced in the referenced advisory. VID 2e25d38b-54d1-11d9-b612-000c6e8f12ef OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Netragard Security Advisory 2007-06-28

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NETRAGARD ADVISORY http://www.netragard.com "We make IT Safe" Advisory Summary - ---------------------------------------------------------------------- Advisory Author : Adriel T. Desautels Researcher : Kevin Finisterre Advisory ID : NETRAGARD-2007062...

Pidgin UPnP和Jabber协议处理拒绝服务漏洞

BUGTRAQ ID: 29985 Pidgin是支持多种协议的即时通讯客户端。 Pidgin的XML解析器在解析畸形XML文件时存在内存泄露漏洞。不可信任的XML文档是通过UPnP和Jabber协议交换的，而UPnP实现没有限制HTTP下载的大小。由于可通过包含有任意URL的UDP报文触发下载，因此攻击者可以导致Pidgin从网站下载任意大小的文档，耗费带宽资源。 仅在有限的环境中才会出现上述两个漏洞： XML内存泄露漏洞要求用户连接到恶意的Jabber服务器，或连接到转发过程中无法检查畸形XML的Jabber服务器；仅在Pidgin启动时很小的时间窗口才可以利用UPnP漏洞。...

Trillian 3.1.9 - .DTD File XML Parser Buffer Overflow

Trillian 3.1.9 - .DTD File XML Parser Buffer Overflow source: https://www.securityfocus.com/bid/28747/info Trillian is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. To exploit this issue, an attacker must entice an unsuspecti...

Trillian 3.1.9 - '.DTD' File XML Parser Buffer Overflow

source: https://www.securityfocus.com/bid/28747/info Trillian is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. To exploit this issue, an attacker must entice an unsuspecting user to load a malicious '.dtd' file. Successfully...

podcast-rfidisclose.txt

Podcast Generator = 1.0 BETA 2 RFI / File Disclosure Remote Vulnerabilities http://sourceforge.net/project/showfiles.php?groupid=163847 POC : I- Remote File Inclusion Vulnerabilities /podcastgen1.0beta2/components/xmlparser/loadparser.php?absoluteurl=shell...

Podcast Generator 1.0 Beta 2 - Remote File Inclusion / File Disclosure

Podcast Generator = 1.0 BETA 2 RFI / File Disclosure Remote Vulnerabilities http://sourceforge.net/project/showfiles.php?groupid=163847 POC : I- Remote File Inclusion Vulnerabilities /podcastgen1.0beta2/components/xmlparser/loadparser.php?absoluteurl=shell...

libxml2: Denial of service

Background libxml2 is the XML eXtended Markup Language C parser and toolkit initially developed for the Gnome project. Description Brad Fitzpatrick reported that the xmlCurrentChar function does not properly handle some UTF-8 multibyte encodings. Impact A remote attacker could entice a user to op...

Ubuntu 5.04 / 6.06 LTS : openoffice.org-amd64, openoffice.org vulnerabilities (USN-313-1)

It was possible to embed Basic macros in documents in a way that OpenOffice.org would not ask for confirmation about executing them. By tricking a user into opening a malicious document, this could be exploited to run arbitrary Basic code including local file access and modification with the user...

Ubuntu 5.10 : openoffice.org2-amd64, openoffice.org2 vulnerabilities (USN-313-2)

USN-313-1 fixed several vulnerabilities in OpenOffice for Ubuntu 5.04 and Ubuntu 6.06 LTS. This followup advisory provides the corresponding update for Ubuntu 5.10. For reference, these are the details of the original USN : It was possible to embed Basic macros in documents in a way that...

CVE-2002-2366

Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml...

CVE-2002-2366

The CVE-2002-2366 entry concerns Trillian (versions 0.6351, 0.725 and 0.73) with a buffer overflow in the XML parser. The vulnerability can be triggered by a skin with a long colors filename in trillian.xml, allowing remote attackers to cause a crash and possibly execute arbitrary code. The descr...

CVE-2006-5475

Multiple cross-site scripting XSS vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed...

CVE-2006-5475

Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 have XSS in the XML parser via a crafted RSS feed, allowing remote script or HTML injection. Affected component: Drupal XML parser. Root cause: insufficient validation in RSS feed handling. Impact per sources: potential for arbitrary web content e...

CVE-2006-5475

Multiple cross-site scripting XSS vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed...

[DRUPAL-SA-2006-024] Drupal 4.6.10 / 4.7.4 fixes multiple XSS issues

------------------------------------------------------------------------ ---- Drupal security advisory DRUPAL-SA-2006-024 ------------------------------------------------------------------------ ---- Project: Drupal core Date: 2006-Oct-18 Security risk: Moderately critical Exploitable from: Remot...