1178 matches found
Information disclosure
A vulnerability has been identified in Mendix Applications using Mendix 7 (all versions prior to V7.23.34), Mendix Applications using Mendix 8 (all versions prior to V8.18.23), Mendix Applications using Mendix 9 (all versions prior to V9.22.0), Mendix Applications using Mendix 9 V9.12 (all versions prior to V9.12.10), Mendix Applications...
CVE-2023-23835
A vulnerability has been identified in Mendix Applications using Mendix 7 (all versions prior to V7.23.34), Mendix Applications using Mendix 8 (all versions prior to V8.18.23), Mendix Applications using Mendix 9 (all versions prior to V9.22.0), Mendix Applications using Mendix 9 V9.12 (all versions prior to V9.12.10), Mendix Applications...
CVE-2023-23835
Siemens Mendix Runtime suffers an improper access control vulnerability (CVE-2023-23835) that can allow bypassing XPath constraints to retrieve information via error-triggering XPath queries. Affected products include Mendix Application runtimes prior to: 7.23.34, 8.18.23, 9.22.0, 9.12.x before 9...
Siemens Mendix Runtime Access Control Improper Vulnerability
Mendix is a highly productive application platform that enables you to build and continuously improve mobile and web applications at scale. An improper access control vulnerability exists in Siemens Mendix Runtime, which could be exploited by an attacker to bypass XPath constraints and retrieve...
PT-2023-6756 · Mendix · Mendix
Name of the Vulnerable Software and Affected Versions: Mendix versions prior to 7.23.34 Mendix versions prior to 8.18.23 Mendix versions prior to 9.22.0 Mendix 9.12 versions prior to 9.12.10 Mendix 9.18 versions prior to 9.18.4 Mendix 9.6 versions prior to 9.6.15 Description: The issue is related...
Siemens Mendix Access Control Error Vulnerability
Mendix is a highly productive application platform that enables you to build and continuously improve mobile and web applications at scale. An improper access control vulnerability exists in Siemens Mendix Runtime, which could be exploited by an attacker to bypass XPath constraints and retrieve...
CVE-2022-4725
A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to...
PT-2022-28039 · Amazon · Aws Sdk
Name of the Vulnerable Software and Affected Versions: AWS SDK version 2.59.0 Description: A critical issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request...
[SECURITY] Fedora 36 Update: rubygem-nokogiri-1.13.10-1.fc36
Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and XPath...
GHSA-7VX2-5349-QJ99 Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks
Withdrawn: This advisory has been withdrawn because it has been found not to be a security issue and withdrawn by its CNA. Please see the message from NVD here for more information. This link is maintained to preserve external references. Original Description: ConcreteCMS v9.1.3 was discovered to b...
Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks
Withdrawn: This advisory has been withdrawn because it has been found not to be a security issue and withdrawn by its CNA. Please see the message from NVD here for more information. This link is maintained to preserve external references. Original Description: ConcreteCMS v9.1.3 was discovered to b...
Concrete CMS 9.1.3 XPATH Injection
Title: concretecms-9.1.3 Xpath injection Author: nu11secur1ty Date: 11.28.2022 Vendor: https://www.concretecms.org/ Software: https://www.concretecms.org/download Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3 Description: The...
[SECURITY] Fedora 37 Update: libxml2-2.10.3-2.fc37
This library allows you to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
stacks.hpcf.upr.edu Cross Site Scripting vulnerability OBB-3035104
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Exploit for Improper Verification of Cryptographic Signature in Passport-Saml_Project Passport-Saml
Exploiting CVE-2022-39299 Signature bypass via multiple ro...
High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices
Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution. Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web...
Fedora: Security Advisory for libxml2 (FEDORA-2022-aeafd24818)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: libxml2-2.10.3-1.fc36
This library allows you to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
CVE-2022-22243
An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of...