1178 matches found
EulerOS Virtualization 3.0.1.0 : libxml2 (EulerOS-SA-2019-1559)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service. Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service. Remote attackers are able to crash the application due to a double free vulnerability related to XPath handling...
Out-Of-Bounds Read
libxslt is a library for transforming XML files into other textual formats including HTML, plain text, and other XML representations of the underlying data using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates...
EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2019-1316)
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A null pointer dereference vulnerability exists in the xpath function of libxml2 when parsing invalid XPath expression. Applications processing...
EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2019-1315)
According to the version of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A null pointer dereference vulnerability exists in the xpath function of libxml2 when parsing invalid XPath expression. Applications processing...
[SECURITY] Fedora 29 Update: libxmlb-0.1.8-2.fc29
XML is slow to parse and strings inside the document cannot be memory mapped as they do not have a trailing NUL char. The libxmlb library takes XML source, and converts it to a structured binary representation with a deduplicated string table -- where the strings have the NULs included. This...
Versa Networks: Versa Director is susceptible to Command Injection attacks (e.g., SQL, LDAP, XML, Xpath)
In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a...
SUSE-SU-2019:13985-1 Security update for libxml2
This update for libxml2 fixes the following issues: Security issue fixed: - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) Other Issue...
XPath Injection
python-saml is vulnerable to XPath injection attacks. The vulnerability exists because DTD was not disabled by default on the fromstring method, allowing XPath injection attacks...
MGASA-2019-0047 Updated libxml2 packages fix security vulnerabilities
A flaw was found in libxml2 2.9.8. The xz_decomp function in xzlib.c, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (CVE-2018-9251, CVE-2018-14567). A null pointer...
Joomla vWishlist 1.0.1 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component vWishlist 1.0.1 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link:...
Joomla! Component vWishlist 1.0.1 - SQL Injection
Exploit Title: Joomla! Component vWishlist 1.0.1 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link: https://extensions.joomla.org/extensions/extension/extension-specific/virtuemart-extensions/vwishlist/ Version: 1.0.1...
Nokogiri NULL Pointer Dereference
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...
GHSA-6QVP-R6R3-9P7H Nokogiri NULL Pointer Dereference
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...
[SECURITY] Fedora 28 Update: python-lxml-4.2.5-1.fc28
lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It provides safe and convenient access to these libraries using the ElementTree API. It extends the ElementTree API significantly to offer support for XPath, Relax NG, XML Schema, XSLT, C14N and much more. To contact the project...
[SECURITY] Fedora 29 Update: python-lxml-4.2.5-1.fc29
lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It provides safe and convenient access to these libraries using the ElementTree API. It extends the ElementTree API significantly to offer support for XPath, Relax NG, XML Schema, XSLT, C14N and much more. To contact the project...
Null pointer vulnerability in libxml2 'xpath.c:xmlXPathCompOpEval()' function
Libxml2 is a C library developed by the GNOME project team for parsing XML documents, which supports a variety of encoding formats, XPath parsing, well-formedness and validity checking, and so on. A security vulnerability exists in the 'xpath.c:xmlXPathCompOpEval' function in libxml2...
[SECURITY] Fedora 29 Update: xml-security-c-2.0.2-1.fc29
The xml-security-c library is a C++ implementation of the XML Digital Signature specification. The library makes use of the Apache XML project's Xerces-C XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms...