Applications

Last modified by Nicolas Gregoire on 2012/07/23 14:23

Web (client side)
Web (server side)
Online services
Office software
Security
Databases

Web (client side)

Application	XSLT Engine	Vulnerabilities
Webkit	libxslt	File creation (CVE-2011-1774)
Firefox	Transformiix	Memory corruption (MFSA 2012-08 aka CVE-2012-0449)
Opera	Presto	Misc crashes (DSK-355332 and DSK-355334)
Internet Explorer	MS XML

Web (server side)

Application	XSLT Engine	Vulnerabilities
Liferay	Xalan-J	File disclosure (CVE-2011-1502 and CVE-2011-1503) Code execution (CVE-2011-1571)
PHP 5	libxslt	Arbitrary file creation (CVE-2012-0057, corrected in v5.3.9)
Sharepoint	MS XML	XML External Entity : File disclosure, ... (CVE-2011-1892 aka MS11-074)
DotNetNuke	MS XML	XML External Entity : File disclosure, ... (No CVE, patched in v06.00.00 of the XML module)
MoinMoin	4Suite	Arbitrary file disclosure and creation (CVE-2012-xxxx)

Online services

Application	XSLT engine
W3C XSLT Gateway	Saxon
Online Toolz	libxslt
Shell Tools	libxslt
XSLT Java applet	XSLTC from Xalan-J

Office software

Application	XSLT Engine	Vulnerabilities
Adobe Reader	Modified Sablotron	Memory corruption (Linux only)
Lifera	libxslt	File creation
OpenOffice	libxslt

Security

Application	XSLT Engine	Vulnerabilities
xmlsec	libxslt	File creation (CVE-2011-1425)
Lasso	libxslt
Unnamed application verifying XML-DSig signatures	Xalan-J	Remote code execution

Databases

Application	XSLT Engine	Vulnerabilities
Postgres SQL	libxslt	File disclosure, File creation

Welcome

Welcome on the XSLT Hacking Encyclopedia !

You may be interested by the Engines and Applications pages.

Link to the blog
Twitter: @Agarri_FR

Recently Modified

Default Class Sheet | Default Class Sheet | NotificationAdministration | Default Class Sheet | Default Class Sheet

Content by Nicolas Grégoire / Agarri

Blog - Follow me @Agarri_FR