Web (client side)

ApplicationXSLT Engine Vulnerabilities
WebkitlibxsltFile creation (CVE-2011-1774)
FirefoxTransformiixMemory corruption (MFSA 2012-08 aka CVE-2012-0449)
Opera PrestoMisc crashes (DSK-355332 and DSK-355334)
Internet ExplorerMS XML

Web (server side)

ApplicationXSLT Engine Vulnerabilities
LiferayXalan-J File disclosure (CVE-2011-1502 and CVE-2011-1503)
Code execution (CVE-2011-1571)
PHP 5libxsltArbitrary file creation (CVE-2012-0057, corrected in v5.3.9)
SharepointMS XMLXML External Entity : File disclosure, ... (CVE-2011-1892 aka MS11-074)
DotNetNukeMS XMLXML External Entity : File disclosure, ... (No CVE, patched in v06.00.00 of the XML module)
MoinMoin4SuiteArbitrary file disclosure and creation (CVE-2012-xxxx)

Online services

Application XSLT engine 
W3C XSLT Gateway  Saxon
Online Toolz libxslt 
Shell Tools libxslt
XSLT Java applet XSLTC from Xalan-J

Office software

ApplicationXSLT Engine Vulnerabilities
Adobe ReaderModified Sablotron Memory corruption (Linux only)
LiferalibxsltFile creation
OpenOfficelibxslt

Security

ApplicationXSLT Engine Vulnerabilities
xmlseclibxsltFile creation (CVE-2011-1425)
Lassolibxslt
Unnamed application verifying XML-DSig signaturesXalan-JRemote code execution

Databases

ApplicationXSLT Engine Vulnerabilities
Postgres SQLlibxsltFile disclosure, File creation
Tags:
Created by Nicolas Gregoire on 2012/01/04 23:47
     

Welcome

Welcome on the XSLT Hacking Encyclopedia !

You may be interested by the Engines and Applications pages.

Link to the blog
Twitter: @Agarri_FR

Tag Cloud

Unknown macro: tagcloud.
Content by Nicolas Grégoire / Agarri
Blog - Follow me @Agarri_FR