553 matches found
CVE-2009-1699
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a...
CVE-2009-1699
The CVE-2009-1699 entry is confirmed in connected documents as a WebKit XXE vulnerability: qt4-x11 uses WebKit’s XSL stylesheet processing and does not properly handle XML external entities, enabling remote file disclosure via a crafted DTD (e.g., file:///… paths). Affected product/kit: Qt4-x11 w...
CVE-2009-1699
Removed by vendor...
CVE-2009-1699
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a...
Apple Safari local file theft vulnerability
Hi, Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which includes a DTD that attempts the XXE attack: !DOCTYPE doc...
Apple Safari 3.2.x - XML External Entity Local File Theft
Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which includes a DTD that attempts the XXE attack: Below you should see...
Apple Safari <= 3.2.x (XXE attack) Local File Theft Vulnerability
Exploit for multiple platform in category remote exploits ================================================================= Apple Safari Below you should see the content of a local file, stolen by this evil web page. alertdocument.body.innerHTML; To mount the attack, the attacker would serve a we...
Apple Safari 3.2.x - XML External Entity Local File Theft
Apple Safari 3.2.x - XML External Entity Local File Theft Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which include...
Apple Safari XXE Local File Theft
Hi, Safari prior to version 4 may permit an evil web page to steal files from the local system. This is accomplished by mounting an XXE attack against the parsing of the XSL XML. This is best explained with a sample evil XSL file which includes a DTD that attempts the XXE attack: Below you should...
WebKit - XML External Entity Information Disclosure
source: https://www.securityfocus.com/bid/35321/info WebKit is prone to a remote information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. NOTE: This issue was previously covered in BID 35260 Apple Safari Prior to 4.0...
WebKit - XML External Entity Information Disclosure
WebKit - XML External Entity Information Disclosure source: https://www.securityfocus.com/bid/35321/info WebKit is prone to a remote information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. NOTE: This issue was...
Adobe Reader 7: XML External Entity (XXE) Attack
XML External Entity XXE Attack Possible in Adobe Reader 7 ----------------------------------------------------------- SHH 7, 2005-06-16 Description ----------- Recent versions of Adobe Reader previously known as Acrobat Reader are vulnerable to XML External Entity XXE Attacks. By including a...
CVE-2021-46849
Removed by vendor...