91 matches found
GHSA-Q5QW-4364-5HHM Django Vulnerable to HTTP Response Splitting Attack
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an 1 email message to the EmailValidator, a ...
Regular Expression Denial Of Service (ReDoS)
devextreme is vulnerable to regular expression denial of service. The vulnerability exists in validationengine.js because Incorrect sanitations in email validator allows an attacker to use malicious inputs resulting in denial of service conditions...
PHPMailer untrusted code may be run from an overridden address validator
If a function is defined that has the same name as the default built-in email address validation scheme php, it will be called in default configuration as when no validation scheme is provided, the default scheme's callable php was being called. If an attacker is able to inject such a function in...
Vaadin vaadin-server 资源管理错误漏洞
vaadin-server is a Vaadin open source application . A platform for rapid development of Web applications on the Java backend . vaadin: A resource management error vulnerability exists in the EmailValidator class in vaadin-server versions 7.0.0 through 7.7.21, which can be exploited by an attacker...
CVE-2016-10521
jshamcrest is vulnerable to regular expression denial of service ReDoS when certain types of user input is passed in to the emailAddress validator...
CVE-2016-10521
The CVE-2016-10521 issue affects the jshamcrest library, specifically the emailAddress validator. The underlying vulnerability is a regular expression denial of service (ReDoS) caused by certain user inputs, with PoC details showing heavy input can block the event loop. Documented impact indicate...
Web Reconnaissance Framework: Recon-ng
Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can...
DEBIAN-CVE-2015-5144
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an 1 email message to the EmailValidator, a ...
PYSEC-2015-10
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an 1 email message to the EmailValidator, a ...
PYSEC-2015-10
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an 1 email message to the EmailValidator, a ...
UBUNTU-CVE-2015-5144
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an 1 email message to the EmailValidator, a ...