Security-Assessment.com discovered that multiple Adobe products with different Data Services versions are vulnerable to XML External Entity (XXE) and XML injection attacks. XML External Entity injection allows a wide range of XML-based attacks, including local file disclosure, TCP scans, and denial-of-service conditions, which can be achieved by recursive entity injection, attribute blow-up and other types of injection. For more information about the implications of this vulnerability, refer to RFC 2518 (section 17.7, Implications of XML External Entities): http://www.ietf.org/rfc/rfc2518.txt.
The vendor has released several patches for this vulnerability. Consult Web References for more information.
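The following is an added example, not part of the original advisory or of any vendor code. It reads only the DOCTYPE of an inbound XML body and flags external entities and nested entity definitions, the constructs behind the file disclosure, TCP scan and recursive-entity cases described above. The function name `audit_xml_entities` and the sample bodies are assumptions constructed for the example.

```python
import xml.parsers.expat
from urllib.parse import urlparse

# Constructed sample request bodies (not taken from the advisory).
SAMPLE_FILE = b'<!DOCTYPE r [<!ENTITY x SYSTEM "file:///etc/hostname">]><r>&x;</r>'
SAMPLE_NESTED = b'<!DOCTYPE r [<!ENTITY a "aa"><!ENTITY b "&a;&a;">]><r>&b;</r>'
SAMPLE_CLEAN = b'<r><item>1</item></r>'

class _DtdDone(Exception):
    """Raised to stop parsing as soon as the DTD has been read."""

def audit_xml_entities(body):
    """Return findings for the entity declarations in an XML body (hypothetical helper)."""
    findings, internal = [], {}

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None:  # external entity: resolved from a URI or path
            scheme = urlparse(system_id).scheme or "file"
            kind = "local file read" if scheme == "file" else "outbound connection"
            findings.append(f"external entity {name!r} -> {system_id} ({kind})")
        elif value is not None:    # internal entity: keep its declared text
            internal[name] = value

    def on_dtd_end():
        raise _DtdDone  # stop before document content, so nothing is expanded

    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = on_entity
    parser.EndDoctypeDeclHandler = on_dtd_end
    try:
        parser.Parse(body, True)
    except _DtdDone:
        pass
    except xml.parsers.expat.ExpatError as exc:
        findings.append(f"malformed XML: {exc}")
    for name, value in internal.items():
        if any(f"&{other};" in value for other in internal):
            findings.append(f"entity {name!r} expands other entities (nested expansion)")
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_FILE, SAMPLE_NESTED, SAMPLE_CLEAN):
        print(audit_xml_entities(sample))
```

A check like this is useful for logging and triage in front of a service that has not yet been patched; it does not replace applying the vendor patches.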