
29 matches found

Positive Technologies
added 2026/05/06 12:0 a.m. | 8 views

PT-2026-38489

Summary Nokogiri's Nokogiri::XSLT::Stylesheet#transform leaks a small heap allocation when passed a Ruby string parameter containing a null byte. For applications that pass attacker-controlled input through XSLT.transform parameters, this may be a vector for a denial of service attack against...

5.3 CVSS | 5.9 AI score
Exploits 0 | References 3

IBM Security Bulletins
added 2025/09/22 11:37 a.m. | 3 views

Security Bulletin: IBM webMethods Integration Sever is affected by remote code execution via pub.xslt.transformSerialXML

Summary IBM webMethods Integration Sever is affected by remote code execution via pub.xslt.transformSerialXML. CVE-2025-36202 Vulnerability Details CVEID:CVE-2025-36202 DESCRIPTION: IBM webMethods Integration could allow an authenticated user with required execute Services to execute commands on...

8.8 CVSS | 8.1 AI score | 0.00035 EPSS
Exploits 0 | Affected Software 1

0day.today
added 2017/03/04 12:0 a.m. | 31 views

Ektron 8.5 / 8.7 / 9.0 XSLT Transform Remote Code Execution Exploit

Ektron versions 8.5, 8.7 equal to and below sp1, and 9.0 before sp1 have vulnerabilities in various operations within the ServerControlWS.asmx web services. These vulnerabilities allow for remote code execution without authentication and execute in the context of IIS on the remote system. This...

5 CVSS | 7.8 AI score | 0.77782 EPSS
Exploits 3

Packet Storm
added 2017/03/04 12:0 a.m. | 126 views

Ektron 8.5 / 8.7 / 9.0 XSLT Transform Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ektron 8.5, 8.7, 9.0 XSLT Transform Remote Code Execution', 'Description' = %q Ektron 8.5, 8.7 'catatonicprime' , 'License' =...

5 CVSS | 0.5 AI score | 0.77782 EPSS
Exploits 3

Tenable Nessus
added 2013/02/22 12:0 a.m. | 40 views

Sun Java JRE XML Signature Command Injection (102993) (Unix)

The version of Sun Java Runtime Environment JRE installed on the remote host reportedly does not securely process XSLT stylesheets containing XSLT Transforms in XML Signatures. If an attacker can pass a specially crafted XSLT stylesheet to a trusted Java application running on the remote host, it...

9.3 CVSS | 8.8 AI score | 0.04822 EPSS
Exploits 0 | References 5

0day.today
added 2012/12/05 12:0 a.m. | 28 views

Ektron 8.02 XSLT Transform Remote Code Execution

This Metasploit module exploits a vulnerability in Ektron CMS 8.02 before SP5. The vulnerability exists due to the insecure usage of XslCompiledTransform, using a XSLT controlled by the user. The module has been tested successfully on Ektron CMS 8.02 over Windows 2003 SP2, which allows to execute...

7.5 CVSS | 1 AI score | 0.82595 EPSS
Exploits 5

Exploit DB
added 2012/12/05 12:0 a.m. | 36 views

Ektron 8.02 - XSLT Transform Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/exploit/filedropper' class Metasploit3...

9.6 AI score
Exploits 0

OpenVAS
added 2012/02/12 12:0 a.m. | 45 views

Debian Security Advisory DSA 2399-1 (php5)

The remote host is missing an update to php5 announced via advisory DSA 2399-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.5 CVSS | 8.7 AI score | 0.86573 EPSS
Exploits 32 | References 1

OpenVAS
added 2012/02/12 12:0 a.m. | 55 views

Debian: Security Advisory (DSA-2399-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.7 AI score | 0.86573 EPSS
Exploits 32 | References 3

OpenVAS
added 2012/02/12 12:0 a.m. | 55 views

Debian Security Advisory DSA 2399-1 (php5)

The remote host is missing an update to php5 announced via advisory DSA 2399-1. OpenVAS Vulnerability Test $Id: deb23991.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2399-1 php5 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

7.5 CVSS | 0.8 AI score | 0.86573 EPSS
Exploits 32

Tenable Nessus
added 2012/02/01 12:0 a.m. | 47 views

Debian DSA-2399-2 : php5 - several vulnerabilities

Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2011-1938 The UNIX socket handling allowed attackers to trigger a buffer overflow via a long path name. - CVE-2011-2483 The...

7.5 CVSS | 8.3 AI score | 0.86573 EPSS
Exploits 32 | References 13

Debian
added 2012/01/31 7:22 a.m. | 45 views

[SECURITY] [DSA 2399-1] php5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2399-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 31, 2012 http://www.debian.org/security/faq -...

7.5 CVSS | 7.9 AI score | 0.86573 EPSS
Exploits 32

OSV
added 2012/01/31 12:0 a.m. | 57 views

DSA-2399-1 php5 - several

Bulletin has no description...

7.5 CVSS | 8.3 AI score | 0.86573 EPSS
Exploits 32

Tenable Nessus
added 2010/01/06 12:0 a.m. | 19 views

CentOS 4 / 5 : firefox (CESA-2009:0397)

Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime...

9.3 CVSS | 8.8 AI score | 0.37495 EPSS
Exploits 4 | References 6

Cent OS
added 2009/04/09 5:48 p.m. | 69 views

firefox, xulrunner security update

CentOS Errata and Security Advisory CESA-2009:0397 Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source W...

9.3 CVSS | 7.7 AI score | 0.37495 EPSS
Exploits 4 | References 7

OpenVAS
added 2009/04/06 12:0 a.m. | 16 views

RedHat Security Advisory RHSA-2009:0397

The remote host is missing updates announced in advisory RHSA-2009:0397. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A...

9.3 CVSS | 9.9 AI score | 0.37495 EPSS
Exploits 4 | References 3

OpenVAS
added 2009/04/06 12:0 a.m. | 19 views

RedHat Security Advisory RHSA-2009:0398

The remote host is missing updates announced in advisory RHSA-2009:0398. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A memory corruption flaw was discovered in the way SeaMonkey handles XML files containing an XSLT transform. A remote...

9.3 CVSS | 1.1 AI score | 0.37495 EPSS
Exploits 4 | References 2

OpenVAS
added 2009/04/06 12:0 a.m. | 21 views

RedHat Security Advisory RHSA-2009:0398

The remote host is missing updates announced in advisory RHSA-2009:0398. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. A memory corruption flaw was discovered in the way SeaMonkey handles XML files containing an XSLT transform. A remote...

9.3 CVSS | 10 AI score | 0.37495 EPSS
Exploits 4 | References 2

OpenVAS
added 2009/04/06 12:0 a.m. | 19 views

Fedora Core 10 FEDORA-2009-3100 (firefox)

The remote host is missing an update to firefox announced via advisory FEDORA-2009-3100. OpenVAS Vulnerability Test $Id: fcore20093100.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-3100 firefox Authors: Thomas Reinke Copyright: Copyright c 2009...

9.3 CVSS | 1.1 AI score | 0.37495 EPSS
Exploits 4

OpenVAS
added 2009/04/06 12:0 a.m. | 31 views

RedHat Security Advisory RHSA-2009:0397

The remote host is missing updates announced in advisory RHSA-2009:0397. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A...

9.3 CVSS | 1 AI score | 0.37495 EPSS
Exploits 4 | References 3