Vulnerabilities > Brad Fitzpatrick

DATE CVE VULNERABILITY TITLE RISK
2011-06-22 CVE-2011-2206 Resource Management Errors vulnerability in Brad Fitzpatrick Djabberd
XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757.
network
low complexity
brad-fitzpatrick CWE-399
5.5
2011-06-21 CVE-2011-1757 Resource Management Errors vulnerability in Brad Fitzpatrick Djabberd
DJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
network
low complexity
brad-fitzpatrick CWE-399
5.0