16 matches found
PT-2025-2936
Name of the Vulnerable Software and Affected Versions: HL7 FHIR IG publisher versions prior to 1.7.4 Description: The HL7 FHIR IG publisher is vulnerable to XML external entity injections due to XSLT transforms performed by various components. This issue can be exploited by submitting a malicious X...
PT-2024-24141 · Unknown · Xmlunit For Java
Name of the Vulnerable Software and Affected Versions: XMLUnit for Java versions prior to 2.10.0 Description: The issue arises from XMLUnit for Java not disabling XSLT extension functions by default when performing XSLT transformations. This could allow arbitrary code to be executed when XMLUnit ...
Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a cross-origin iframe referencing an XSLT document inheriting the parent domain's permissions such as microphone or camera access...
Horde Webmail 5.2.22 - Account Takeover via Email
Horde Webmail is a free, enterprise-ready, and browser-based communication suite developed by the Horde project. It is a popular webmail solution for universities and government agencies to exchange sensitive email messages on a daily basis. It is also shipped as part of the popular hosting...
yWorks yEd Code Execution Vulnerability
yWorks yEd is a graphical editor desktop application. A code execution vulnerability exists in yWorks yEd versions prior to 3.20.1. The vulnerability can be exploited for code execution via XSL transformations when using XML files in conjunction with custom stylesheets...
libxml2 xmlXPathCompOpEvalPositionalPredicate Memory Misreference Vulnerability
libxml2 is a C-based library developed by the GNOME project team for parsing XML documents; it supports multiple encoding formats, XPath parsing, and well-formedness and validity checking. A memory misreference vulnerability exists in libxml2 xmlXPathCompOpEvalPositionalPredicate. An attacker could cause memory...
Medium: php55
Issue Overview: As reported upstream (https://bugs.php.net/bug.php?id=69720), a NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. (CVE-2015-7803) A flaw was discovered in the way PHP performed object...
[Open SCAP v0.9.5] Support of SCE - Script Check Engine
SCAP is a line of standards managed by NIST. It was created to provide a standardized approach to maintaining the security of enterprise systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise...
Debian Security Advisory DSA 2399-2 (php5)
The remote host is missing an update to php5 announced via advisory DSA 2399-2. OpenVAS Vulnerability Test $Id: deb23992.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2399-2 php5 Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...
[SECURITY] [DSA 2399-2] php5 regression fix
Debian Security Advisory DSA-2399-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 31, 2012 http://www.debian.org/security/faq -...
Nessus 4.4.0 New version release !
Finally, an updated version of Nessus is out after a long time! This is Nessus version 4.4.0 "The Nessus vulnerability scanner is the world-leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of yo...
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : firefox, firefox-3.0, xulrunner-1.9 vulnerabilities (USN-745-1)
It was discovered that Firefox did not properly perform XUL garbage collection. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubunt...
Ubuntu USN-745-1 (xulrunner-1.9)
The remote host is missing an update to xulrunner-1.9 announced via advisory USN-745-1. OpenVAS Vulnerability Test $Id: ubuntu7451.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-745-1 xulrunner-1.9 Author...
Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
Overview: The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations. The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its...
JVN#04032535 Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents. Impact: The impacts vary depending on t...
Sun Java JRE Multiple Vulnerabilities (233321-233327)
The version of Sun Java Runtime Environment (JRE) installed on the remote host is affected by one or more security issues: - Two vulnerabilities in the JRE VM may independently allow an untrusted application or applet downloaded from a website to elevate its privileges (233321). - When processing XS...