NULL pointer dereference in libxml2 through 2.9.8

when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case. Applications processing...

The vulnerability of the ezxml_parse_str function in the ezXML XML document syntax analysis library allows a attacker to cause a service failure.

The vulnerability of the ezxmlparsestr function in the ezXML XML syntax analysis library is related to the exploitation of xml blind xpath injection. Exploiting this vulnerability allows a malicious actor to cause service failures using a specially created XML file...

desertmuseum.org Cross Site Scripting vulnerability OBB-3500250

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

OSV-2023-518 Security exception in com.code_intelligence.jazzer.sanitizers.XPathInjection.checkXpathExecute

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60148 Crash type: Security exception Crash state: com.codeintelligence.jazzer.sanitizers.XPathInjection.checkXpathExecute org.hamcrest.xml.HasXPath.compiledXPath org.hamcrest.xml.HasXPath...

PT-2023-35886 · Unknown · Com.Code Intelligence.Jazzer.Sanitizers.Xpathinjection +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash was reported, involving the checkXpathExecute function from com.code intelligence.jazzer.sanitizers.XPathInjection, and the...

The vulnerability in the web interface of the Juniper Networks Junos OS operating system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability in the J-Web web interface of the Juniper Networks Junos OS system is related to improper input validation. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information by adding an XPath command to the XPath stream...

ruby-saml vulnerable to XPath injection

xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...

GHSA-R364-2PJ4-PF7F ruby-saml vulnerable to XPath injection

xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...

CVE-2015-20108

xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...

CVE-2015-20108

xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...

DEBIAN-CVE-2015-20108

xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...

CVE-2015-20108

xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...

Design/Logic Flaw

xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...

OneLogin ruby-saml 命令注入漏洞

Onelogin OneLogin ruby-saml is a Ruby-based SAML Security Assertion Markup Language library for Single Sign-On SSO services from Onelogin, USA. A security vulnerability exists in OneLogin ruby-saml prior to version 1.0.0, which stems from not using pre-defined statements, causing xmlsecurity.rb i...

CVE-2015-20108

xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...

CVE-2015-20108

xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...

CVE-2015-20108

The CVE-2015-20108 issue affects the ruby-saml gem prior to 1.0.0, where xml_security.rb enables XPath injection and code execution because prepared statements are not used. Affected component: ruby-saml XML security handling. Root cause: lack of prepared statements in XPath processing leads to i...

CVE-2015-20108

xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...

Understanding XPath Injection Vulnerabilities

The ability to trigger XPath queries with user-supplied information introduces the risk of XPath injection attacks. Read on to explore how these attacks work and discover how to keep your XPath queries secure...

OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...