40 vulnerabilities in SMF 1.1.10/SMF 2.0RC2 by elhacker.net (Simple Audit)
This is the first batch of vulnerabilities found by the SimpleAudit team from elhacker.net (http://labs.elhacker.net/simpleaudit). Our goal is to evaluate the security of SMF 2.0 before using it on our own server, and we have found several security vulnerabilities. The vulnerabilities that also appl...
CVE-2009-3275
Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \ (backslash) characters followed by a " (double...
CVE-2009-3277
DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of an open bracket followed by many commas, related to a certain regular expression, aka a "ReDoS" vulnerability...
Input validation
Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed in NASD CORE.NET Terelik (aka corenet1) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many alphabetic characters followed by a ! (exclamation point), related to a...
CVE-2009-3276
CVE-2009-3276 affects Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed within NASD CORE.NET Terelik (aka corenet1). The vulnerability is a ReDoS: context-dependent attackers can cause CPU exhaustion by supplying an input string consisting of many alphabetic characters followe...
CVE-2009-3275
CVE-2009-3275 affects Microsoft patterns & practices Enterprise Library (EntLib). The vulnerability lies in Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs, where a regex handling input can be exploited by a long string of backslashes followed by a double quote to cause hig...
CVE-2009-3277
CVE-2009-3277 describes a ReDoS vulnerability in DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs within datavault. The issue allows context-dependent attackers to cause a denial of service by feeding an input string that starts with an opening bracket followed by many commas, exploiting a re...
CVE-2021-42248
CVE-2021-42248 is a duplicate of CVE-2021-42836. The connected document for CVE-2021-42836 describes a ReDoS vulnerability in the GJSON library (before version 1.9.3) where specially crafted JSON input can trigger a regular expression denial of service. Impact is denial of service; no product/ver...