Threat Post

Java, Python FTP Injection Attacks Bypass Firewalls

Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses. Newly disclosed FTP injection ...
Bleeping Computer

CISA orders feds to patch actively exploited Geoserver flaw

CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. In such attacks, an XML input containing a ...
Threat Post

Researcher Says NSA’s Ghidra Tool Can Be Used for RCE

Researchers have released a proof-of-concept showing how a XXE vulnerability can be exploited to attack Ghidra project users. Ghidra, a free, open-source software reverse-engineering tool that was ...
CNET

Extra headaches of securing XML

Martin LaMonica is a senior writer covering green tech and cutting-edge technologies. He joined CNET in 2002 to cover enterprise IT and Web development and was previously executive editor of IT ...
Dark Reading

Patch Now: OpenNMS Bug Steals Data, Triggers Denial of Service

Maintainers of OpenNMS patched a high-severity vulnerability in both the community-supported and subscription-based versions of the widely used open source network monitoring software. The XML ...
Homeland Security Today

Microsoft Edge Browser Permission Backdoor Can Allow Remote Attacks to Steal Data

It has been nearly a week since security researcher John Page reported that he had found an Internet Explorer XML eXternal Entity (XXE) vulnerability. A new layer of this vulnerability has been ...