CVE-2010-3260

MEDIUM Year: 2010
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-264
View all →

Vulnerability Description

oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaration in conjunction with an entity reference, related to an "XML injection" issue.

Related Vulnerabilities

CVE-2015-7425

CRITICAL
CVSS:10.0(Critical)

The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6....

CWE-2642015

CVE-2015-7919

CRITICAL
CVSS:10.0(Critical)

SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors.

CWE-2642015

CVE-2015-8267

CRITICAL
CVSS:10.0(Critical)

The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords v...

CWE-2642015

CVE-2016-7457

CRITICAL
CVSS:10.0(Critical)

VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.

CWE-2642016

CVE-2016-8363

CRITICAL
CVSS:10.0(Critical)

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RT...

CWE-2642016

CVE-2015-7411

CRITICAL
CVSS:9.9(Critical)

The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors.

CWE-2642015