CVE-2024-28168
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue...
CVE-2024-28168 Apache XML Graphics FOP: XML External Entity (XXE) Processing
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue...
Improper Restriction of XML External Entity Reference in Apache POI
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing...
XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled)
Due to an incomplete fix for CVE-2019-9658, checkstyle was still vulnerable to XML External Entity (XXE) Processing. Impact: User: Build Maintainers. This vulnerability probably doesn't impact Maven/Gradle users as, in most cases, these builds are processing files that are trusted, or pre-vetted by a...
CVE-2019-12415
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing...
Citrix XenMobile 10.x Multiple Security Updates
Description of Problem: A number of security vulnerabilities have been identified in Citrix XenMobile Server. The vulnerabilities have been assigned the following CVE numbers. Affecting XenMobile Server 10.7 and 10.8: CVE-2018-10653 High: XML External Entity (XXE) Processing Vulnerability in Citrix...
jenkins -- multiple vulnerabilities
Jenkins developers report: The agent to master security subsystem ensures that the Jenkins master is protected from maliciously configured agents. A path traversal vulnerability allowed agents to escape whitelisted directories to read and write to files they should not be able to access. Black Du...
OpenMRS 2.3 (1.11.4) - XML External Entity (XXE) Processing Exploit
Exploit for php platform in category web applications. #!/usr/bin/env python OpenMRS 2.3 (1.11.4) XML External Entity (XXE) Processing PoC Exploit Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0...
Fedora 19 : mediawiki-1.20.4-1.fc19 (2013-5874)
An internal review discovered that specially crafted Lua function names could lead to XSS. https://bugzilla.wikimedia.org/show_bug.cgi?id=46084 - Daniel Franke reported that during SVG parsing, MediaWiki failed to prevent XML external entity (XXE) processing. This could lead to local file...