182 items tagged "xml"
-
-
17:00
»
SecuriTeam
OpenSAML is prone to a security vulnerability involving XML signature wrapping.
-
-
17:00
»
SecuriTeam
XML file disclosure vulnerability via GET_WRAP_CFG_C and GET_WRAP_CFG_C2 system stored procedures.
-
-
20:05
»
Packet Storm Security Advisories
Team SHATTER Security Advisory - Two system stored procedures executable by PUBLIC allow reading of files with xml extensions in IBM DB2 LUW versions 9.1, 9.5, 9.7, and 10.1.
-
-
0:23
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1288-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A one byte buffer overflow was found in the way libxml2 evaluated certain parts of XML Pointer Language expressions. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
16:06
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1542-1 - Peter Eisentraut discovered that the XSLT functionality in the optional XML2 extension would allow unprivileged database users to both read and write data with the privileges of the database server. Noah Misch and Tom Lane discovered that the XML functionality in the optional XML2 extension would allow unprivileged database users to read data with the privileges of the database server.
-
-
8:22
»
Packet Storm Security Advisories
Ubuntu Security Notice 1527-1 - It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. Tim Boddy discovered that Expat did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10. Various other issues were also addressed.
-
-
17:00
»
SecuriTeam
CakePHP is prone to an XML External Entity injection vulnerability.
-
-
12:33
»
Packet Storm Security Recent Files
This is a thorough analysis of the Microsoft XML core services uninitialized memory vulnerability as noted by CVE-2012-1889. It includes proof of concept data to trigger the issue and goes through the flow.
-
-
17:00
»
SecuriTeam
ejabberd is prone to a vulnerability that may allow attackers to cause an affected application to consume excessive amounts of memory, resulting in a denial-of-service condition.
-
-
20:00
»
Packet Storm Security Recent Files
This Metasploit module exploits a memory corruption flaw in Microsoft XML Core Services when trying to access an uninitialized Node with the getDefinition API, which may corrupt memory allowing remote code execution. At the moment, this module only targets Microsoft XML Core Services 3.0 via IE6 and IE7 over Windows XP SP3.
-
-
15:55
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0731-01 - Expat is a C library written by James Clark for parsing XML documents. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. A memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted.
-
-
7:44
»
Packet Storm Security Advisories
VSR identified a vulnerability in multiple open source office products (including OpenOffice, LibreOffice, KOffice, and AbiWord) due to unsafe interpretation of XML files with custom entity declarations. Deeper analysis revealed that the vulnerability was caused by acceptance of external entities by the libraptor library, which is used by librdf and is in turn used by these office products.
-
-
20:27
»
Packet Storm Security Advisories
An XML External Entity (XXE) attack is possible in OpenOffice.org versions 3.3 and 3.4 Beta. This vulnerability exploits the way in which external entities are processed in certain XML components of ODF documents.
-
-
8:39
»
Packet Storm Security Exploits
The XMLEncoder component of Symfony version 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system. Any application written in Symfony2 that parses user supplied XML is affected.
-
-
19:21
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0018-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash.
-
19:12
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0017-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language, which is a language for addressing parts of an XML document. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
19:08
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0016-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language, which is a language for addressing parts of an XML document. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
8:01
»
Hack a Day
Many companies today try to simplify life by over complicating the keyboard. Microsoft has been doing it since 2001. If you love your ergonomic keyboard, but hate that “function lock” key, there are plenty of options out there for you to try. The least complicated way is to either modify some XML or just set [...]
-
-
17:01
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1749-03 - The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language, which is a language for addressing parts of an XML document. An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
7:49
»
Packet Storm Security Exploits
phpMyAdmin suffers from a remote arbitrary file reading vulnerability when using a simplexml_load_string function meant to read xml from user input.
-
-
6:31
»
Packet Storm Security Recent Files
FuzzTalk is an XML driven fuzz testing framework that emphasizes easy extensibility and reusability. While most fuzzing frameworks require in depth programming knowledge, FuzzTalk can test a wide range of network protocols with the help of XML templates. Includes scripts for fuzzing HTTP, FTP, and SMTP servers.
-
-
6:52
»
Packet Storm Security Recent Files
Apache Santuario XML Security for C++ library versions prior to 1.6.1 suffer from multiple buffer overflows when signing and verifying large keys.
-
-
19:47
»
Packet Storm Security Recent Files
XML Security Library is a C library based on LibXML2. It provides an implementation for major XML security standards: XML Digital Signature and XML Encryption.
-
-
22:02
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-224 - A vulnerability was discovered and corrected in php. A flaw in ext/xml/xml.c could cause a cross-site scripting vulnerability.
-
-
5:57
»
Carnal0wnage
I just pushed out code coverage for the Adobe XML External Entity Injection vulnerability in multiple Adobe products including: BlazeDS 3.2 and earlier versions, LiveCycle 9.0, 8.2.1, and 8.0.1, LiveCycle Data Services 3.0, 2.6.1, and 2.5.1, Flex Data Services 2.0.1, ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2.
References Here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3960
http://www.osvdb.org/62292
http://www.securityfocus.com/bid/38197
http://www.security-assessment.com/files/advisories/2010-02-22_Multiple_Adobe_Products-XML_External_Entity_and_XML_Injection.pdf
http://www.adobe.com/support/security/bulletins/apsb10-05.html
I recommend you read security-assessment's PDF on it, it's good.
Anyway, it's a cool bug.
1 --> because it affects several products, although most people have probably never heard of most of them except for ColdFusion.
2 --> it's enabled by default on all those products you've never heard of except for ColdFusion, with the exception of CF 8 which appears to have it turned on by default.
3 --> You have to apply patches for CF individually and there is no automated process. Since this vuln got little media attention I've seen a lot of hosts that are still missing this patch and/or didn't turn off the vuln service.
On with the demo!
So against a patched host or someone that has disabled the service in ColdFusion you'll see one of two things: either 404s for the checks, or 200 for /flex2gateway/ and 500 for the http or https check.
If you get a bunch of 400s then you need to set the VHOST.
When it works, you'll see something like this for /etc/passwd
and like this when you asked for a file that doesn't exist or doesn't have permission to read (since CF doesn't run as root on Linux, requesting /etc/shadow won't work) :-(
At this point, you're probably like "so what"; well, what's cool about arbitrary file read is that 1. it also works on Windows:
and 2. that whole password.properties attack is now cool again because you can just request that file too
-CG
-
-
11:10
»
Hack a Day
[PT] posted about an exciting development from Cadsoft, the migration to XML based parts, schematics, and board layouts. The adoption of this open standard goes hand-in-hand with the open hardware initiatives people like [PT] have been pushing for. Cadsoft Eagle is our go-to schematic and PCB software. We even have a tutorial which guides you [...]
-
-
22:01
»
Packet Storm Security Misc. Files
This library provides a Ruby interface to Nmap's scan data. It can run Nmap and parse its XML output directly from the scan, parse a file containing the XML data from a separate scan, parse a String of XML data from a scan, or parse XML data from an object via its read() method. This information is presented in an easy-to-use and intuitive fashion for storing and manipulating.
-
-
23:01
»
Packet Storm Security Tools
XML Security Library is a C library based on LibXML2. It provides an implementation for major XML security standards: XML Digital Signature and XML Encryption.
-
-
17:00
»
Packet Storm Security Tools
XML Security Library is a C library based on LibXML2. It provides an implementation for major XML security standards: XML Digital Signature and XML Encryption.
-
-
22:00
»
Packet Storm Security Recent Files
Ubuntu Security Notice 890-6 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for CMake. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
-
-
20:27
»
SecuriTeam
This vulnerability allows remote attackers to remove arbitrary XML files on vulnerable installations of Skype.
-
-
0:00
»
Packet Storm Security Recent Files
Security-Assessment.com discovered that multiple Adobe products with different Data Services versions are vulnerable to XML External Entity (XXE) and XML injection attacks.
-
0:00
»
Packet Storm Security Exploits
Security-Assessment.com discovered that multiple Adobe products with different Data Services versions are vulnerable to XML External Entity (XXE) and XML injection attacks.
-
-
19:00
»
Packet Storm Security Recent Files
Ubuntu Security Notice 890-5 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
-
19:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 890-5 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
-
-
14:00
»
Packet Storm Security Advisories
Debian Linux Security Advisory 1984-1 - It was discovered that libxerces2-java, a validating XML parser for Java, does not properly process malformed XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.
-
-
7:00
»
Packet Storm Security Recent Files
Ubuntu Security Notice 890-4 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
-
7:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 890-4 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
-
5:00
»
Packet Storm Security Recent Files
Debian Linux Security Advisory 1977-1 - Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language does not properly process malformed or crafted XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. In addition, this update fixes an integer overflow in the hashlib module in python2.5. This vulnerability could allow an attacker to defeat cryptographic digests. It only affects the oldstable distribution (etch).
-
5:00
»
Packet Storm Security Advisories
Debian Linux Security Advisory 1977-1 - Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language does not properly process malformed or crafted XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. In addition, this update fixes an integer overflow in the hashlib module in python2.5. This vulnerability could allow an attacker to defeat cryptographic digests. It only affects the oldstable distribution (etch).
-
-
16:00
»
Packet Storm Security Recent Files
Ubuntu Security Notice 890-3 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.4. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
-
16:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 890-3 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.4. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
-
1:00
»
Packet Storm Security Recent Files
Ubuntu Security Notice 890-2 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.5. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
-
1:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 890-2 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.5. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
-
-
19:00
»
Packet Storm Security Recent Files
Ubuntu Security Notice 890-1 - Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
-
19:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 890-1 - Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.