XML document
Multiple Adobe Products
XML External Entity And XML Injection Vulnerabilities
CVE: CVE-2009-3960
Adobe PSIRT: APSB10-05 - http://www.adobe.com/support/security/bulletins/apsb10-05.html
Link: http://www.security-assessment.com/files/advisories/2010-02-22_Multiple_Adobe_Products-XML_External_Entity_and_XML_Injection.pdf
+------------------------------------------------------------------------+
Vulnerability Information
=======================================
Product: Cisco ACE XML Gateway <= 6.0
Vulnerability: Internal IP Address Disclosure
Vendor: Cisco Systems, Inc. http://www.cisco.com
Product URL: http://www.cisco.com/en/US/products/ps7314/
Author: nitrus [ Alejandro Hernandez H. ]
Discovery Date: 24/Aug/2009
Cisco Security Advisory: Jabber Extensible Communications Platform
and Cisco Unified Presence XML Denial of Service Vulnerability
Advisory ID: cisco-sa-20110928-xcpcupsxml
Revision 1.0
28-Jul-2011
___________________________________________________________________________
Vendor: Citrix, http://www.citrix.com
Affected Products: XenApp and XenDesktop
Affected Version: See the Citrix security bulletin [2] for a list
Vulnerability: Stack-Based Buffer Overflow in Citrix XML Service
Risk: HIGH
___________________________________________________________________________
Vendor communication:
28-Jul-2011
___________________________________________________________________________
Vendor: Citrix, http://www.citrix.com
Affected Products: XenApp and XenDesktop
Affected Version: See the Citrix security bulletin [2] for a list
Vulnerability: Heap Corruption in Citrix XML Service
Risk: HIGH
___________________________________________________________________________
Vendor communication:
SEC Consult Security Advisory < 20090305-0 >
========================================================================
title: NextApp Echo XML Injection Vulnerability
program: NextApp Echo
vulnerable version: Echo2 < 2.1.1
homepage: http://echo.nextapp.com/site/echo2
found: Feb. 2008
by: Anonymous / SEC Consult Vulnerability Lab
permanent link:
http://www.sec-consult.com/files/20090305-0_echo_nextapp_xml_injection.txt
===========================================================
Ubuntu Security Notice USN-815-1 August 11, 2009
libxml2 vulnerabilities
CVE-2008-3529, CVE-2009-2414, CVE-2009-2416
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
WebMail provides web-based access to email, calendars, contacts, files
and shared data from any computer with a browser and Internet connection.
Credit: David Kirkpatrick of Trustwave's SpiderLabs
Finding 1: XML External Entity Injection
CVE: CVE-2011-3579
An external entity is a function of the XML specification which allows XML
documents to reference resources external to the XML document. This
functionality forces the XML parser of the application to access the
This vulnerability could enable any user to read and modify
device configuration.
* CSCtb83618 (registered customers only) has been assigned the CVE
identifier CVE-2010-0597.
This vulnerability could enable any user to read and modify
device configuration using XML RPC protocol. Additionally, this
vulnerability can be exploited to reload the affected device.
Unauthorized information interception
+------------------------------------
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
An error in Xerces-C++ allows for a Denial of Service via malicious XML
schema files.
Background
==========
> Microsoft Office is a suite containing several programs to
> handle Office documents like text documents or spreadsheets.
> The latest version uses an XML based document format.
> Microsoft Office allows documents to be digitally signed by
> authors using certified keys, allowing viewers to verify the
CVE-2008-1887 CVE-2008-2315 CVE-2008-3142
CVE-2008-3143 CVE-2008-3144 CVE-2008-4864
CVE-2008-5031
--- bind ---
CVE-2009-0696
--- libxml and libxml2 ---
CVE-2009-2414 CVE-2009-2416
--- curl --
CVE-2009-2417
--- gnutil ---
CVE-2007-2052
I. Background
OpenOffice is an open-source suite containing several programs to
handle Office documents like text documents or spreadsheets.
The latest version uses an XML based document format (ODF).
OpenOffice allows documents to be digitally signed by authors
using certified keys, allowing viewers to verify the integrity
and the origin based on the author's public key.
The author's public-key certificate, which can come from
a trusted third party, is embedded in the signed document.
Lenovo System Update allows arbitrary update executables to be downloaded and
installed from a rogue server. The Client DLL does not perform certificate
chain verification when initiating an SSL connection with the server. Instead,
it performs a string comparison on the Issuer field of the X.509 certificate
in order to determine if it appears to belong to IBM. After successful SSL
negotiation, the client proceeds to download XML files that contain pathnames
to EXE files, their sizes, and corresponding SHA-1 hashes (although the XML
element defining the SHA value is named "CRC.") If an XML file shows a newer
software version than what is already installed, it downloads the EXE file,
calculates its SHA-1 hash and compares it against the one defined in the XML
file; if they match, it runs the executable with administrator privileges.
}
...
regardless of php.ini settings, you can create arbitrary folders, create/overwrite
files, also you can end the path with an arbitrary extension, other than .xml passing
a null char.
ex.
http://host/path_to_bitweaver/boards/boards_rss.php?version=/../../../../bookoo.php%00
Safari prior to version 4 may permit an evil web page to steal files
from the local system.
This is accomplished by mounting an XXE attack against the parsing of
the XSL XML. This is best explained with a sample evil XSL file which
includes a DTD that attempts the XXE attack:
<!DOCTYPE doc [ <!ENTITY ent SYSTEM "file:///etc/passwd"> ] >
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
BLUE MOON SECURITY ADVISORY 2009-02
===================================
:Title: XML Injection in PyBlosxom
:Severity: Low
:Reporter: Blue Moon Consulting
:Products: PyBlosxom v1.4.3
:Fixed in: --
I. Vulnerability Description
The OS X Software Update mechanism uses so called `distribution packages' [1],
which basically consist of two parts. The XML `catalog file', which lists the
available updates and the `distribution definition files' [1], which contain
information encoded in XML and JavaScript, defining every aspect of the
user experience, when installing an update.
When OS X checks for new updates, it first contacts swscan.apple.com
Debian Security Advisory DSA-1859-1 security@debian.org
http://www.debian.org/security/ Nico Golde
August 10th, 2009 http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package : libxml2
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE IDs : CVE-2009-2416 CVE-2009-2414
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libxml2: Denial of Service
Date: September 21, 2010
Bugs: #280617
ID: 201009-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hi,
Safari prior to version 4 may permit an evil web page to steal
arbitrary XML data cross-domain.
This is accomplished by abusing a relatively obscure cross-domain
access point which was completely missing a cross-domain access check.
The access point in question is the document() function in XSL. This
is best illustrated with a sample evil XSL file which abuses this
function:
Debian Security Advisory DSA-1861-1 security@debian.org
http://www.debian.org/security/ Nico Golde
August 13th, 2009 http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package : libxml
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE IDs : CVE-2009-2416 CVE-2009-2414
DETAILS
=======
Cascade Server allows its users to write XSLT stylesheets which it
uses to transform XML source data into HTML or other formats. Cascade
Server employs the Apache XML Project's Xalan-Java XSLT processor to
perform these transformations.
The Xalan-Java site states, "For those situations where you would like
to augment the functionality of XSLT with calls to a procedural
===========================================================
Ubuntu Security Notice USN-673-1 November 19, 2008
libxml2 vulnerabilities
CVE-2008-4225, CVE-2008-4226
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
‘When distributing worksheets, you may wish to restrict user access to most regions. Rather than locking an area, you may opt instead to use worksheet protection.
The intent of file protection is to prevent other users from opening the worksheet in a text editor and editing its contents by hand. The allowed file formats are either binary (XMCDZ, MCD) or output-only (RTF, HTML). With file protection enabled, you can only alter the contents of a worksheet from Mathcad. You can create, edit, and delete regions within the worksheet with no restrictions.’
The XMCDZ file format is not a true binary format. It is the standard Mathcad .XMCD XML sheet, which has been GZIPPED. For this reason it is a simple matter to get the original plain text XML sheet out of the file, using an archive utility.
Once the XML file has been extracted, within the <editor> tag there will be a <protection> tag. This will look like:
<protection protection-level="low" password="XZEdIlJPXZxa1CQRKn6Sfw=="/>
There are 2 components to this tag: the level of restrictions placed upon the sheet and also an optional password needed for un-protecting the sheet.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libxml2: Denial of Service
Date: January 30, 2008
Bugs: #202628
ID: 200801-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please be advised that a security issue affecting the Apache XML Security
Library for C++ has been identified and an updated version released to
address the issue. The full text of the advisory is below, and a signed
version can be found at:
http://santuario.apache.org/secadv/CVE-2011-2516.txt
-- Scott Cantor
CVE-2011-2516: Apache Santuario XML Security for C++ contains buffer
Mandriva Linux Security Advisory MDVSA-2009:267
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xmlsec1
Date : October 10, 2009
Affected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
* Cisco IOS-XR
* Cisco Catalyst Operating System (CatOS)
* Cisco NX-OS
* Cisco Application Control Engine (ACE) Module
* Cisco ACE Appliance
* Cisco ACE XML Gateway
* Cisco MDS 9000 Series Multilayer Fabric Switches
Note: The SNMP server is disabled by default. These vulnerabilities
only impact devices that are configured for SNMPv3.
Mandriva Linux Security Advisory MDVSA-2008:231
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libxml2
Date : November 18, 2008
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description: