
16 matches found

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-0689

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.01701
Exploits: 0 | References: 3

Tenable Nessus
added 2024/06/03 12:0 a.m. | 37 views

RHEL 4 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php: paths with NULL character were considered valid CVE-2006-7243 - php: XSLT file writing vulnerability...

CVSS 7.5 | AI score 7.8 | EPSS 0.0826
Exploits: 9 | References: 9

Cvelist
added 2024/02/16 12:0 a.m. | 12 views

CVE-2024-25413

A XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file...

AI score 7.8 | EPSS 0.01492
Exploits: 1 | References: 2

OSV
added 2022/05/24 5:0 p.m. | 9 views

GHSA-J63V-WCF9-C9HM Magento 2 Community Edition RCE Vulnerability

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these...

CVSS 7.2 | AI score 7.5 | EPSS 0.01852
Exploits: 0 | References: 5

OSV
added 2022/01/05 5:33 p.m. | 21 views

GHSA-RQ96-QHC5-VM4R Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information...

CVSS 6.5 | AI score 6.3 | EPSS 0.01701
Exploits: 0 | References: 3

Github Security Blog
added 2022/01/05 5:33 p.m. | 34 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information...

CVSS 6.5 | AI score 1.5 | EPSS 0.01701
Exploits: 0 | References: 4 | Affected Software: 1

CNVD
added 2021/12/21 12:0 a.m. | 20 views

Apache NiFi code issue vulnerability (CNVD-2021-102797)

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation and system intermediary logic. A code issue vulnerability exists in Apache NiFi's TransformXML, which stems from a vulnerability in Apache NiFi's...

CVSS 6.5 | AI score 6.3 | EPSS 0.01701
Exploits: 0 | References: 1

CVE
added 2021/12/17 8:50 a.m. | 86 views

CVE-2021-44145

CVE-2021-44145 affects the Apache NiFi TransformXML processor (before 1.15.1). An authenticated user could configure an XSLT file that contains external entity calls, potentially revealing sensitive information due to an XXE. The issue is documented across multiple sources, with remediation advis...

CVSS 6.5 | AI score 6.3 | EPSS 0.01701
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2019/12/05 9:15 p.m. | 15 views

Remote code execution

A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files...

CVSS 6.5 | AI score 7.9 | EPSS 0.2855
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2019/11/05 11:15 p.m. | 12 views

CVE-2019-8119

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these...

CVSS 7.2 | AI score 7.7
Exploits: 0 | References: 1

Prion
added 2019/11/05 11:15 p.m. | 10 views

Remote code execution

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these...

CVSS 6.5 | AI score 7.3 | EPSS 0.01852
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/11/05 10:49 p.m. | 21 views

CVE-2019-8119

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these...

AI score 7.5 | EPSS 0.01852
Exploits: 0 | References: 1

Check Point Advisories
added 2013/12/30 12:0 a.m. | 4 views

Apache Solr SolrResourceLoader Directory Traversal (CVE-2013-6397)

A directory traversal vulnerability has been reported in Apache Solr. The vulnerability is due to insufficient validation of the resource paths passed to certain Solr REST services. A remote attacker can exploit this vulnerability by sending a specially crafted request to Apache Solr. Successful...

CVSS 4.3 | AI score 6.4 | EPSS 0.56255
Exploits: 1

OSV
added 2013/11/18 2:39 p.m. | 9 views

MGASA-2013-0326 Updated thunderbird package fixes security vulnerabilities

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird CVE-2013-5590, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602...

CVSS 10 | AI score 9.2 | EPSS 0.06493
Exploits: 0 | References: 10

Saint
added 2011/10/24 12:0 a.m. | 39 views

Apple Safari libxslt File Create

Added: 10/24/2011 CVE: CVE-2011-1774 BID: 48840 OSVDB: 74017 Background Safari is a web browser for Mac OS X and Windows. Problem Safari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a...

CVSS 8.8 | AI score 6.8 | EPSS 0.43195
Exploits: 11

Tenable Nessus
added 2011/07/29 12:0 a.m. | 37 views

SuSE 11.1 Security Update : libwebkit (SAT Patch Number 4917)

This update of libwebkit fixes : - XSLT file creation allowed webpages evaluating XSLT code to create files. CVE-2011-1774 - ZDI-11-139 Webkit Anonymous Frame remote code exec %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...

CVSS 8.8 | AI score 8.2 | EPSS 0.43195
Exploits: 11 | References: 4