3627 matches found

Schneier on Security
added 2023/02/10 11:24 a.m., 16 views

Hacking the Tax Code

The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input--financial information for the year--and produces an output: the amount of tax owed. It’s incredibly complex code; there are a bazillion details and exceptions and speci...

7 AI score
Exploits 0

Veracode
added 2023/02/08 10:17 a.m., 39 views

Regular Expression Denial Of Service (ReDoS)

http-cache-semantics is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists in the index.js because of insufficient regular expression complexity which allows an attacker to cause an application crash...

7.5 CVSS, 7.8 AI score, 0.01613 EPSS
Exploits 1, References 4, Affected Software 3

Prion
added 2023/02/07 12:15 p.m., 19 views

Cross site scripting

A vulnerability was found in Custom-Content-Width 1.0. It has been declared as problematic. Affected by this vulnerability is the function overridecontentwidth/registersettings of the file custom-content-width.php. The manipulation leads to cross site scripting. The attack can be launched remotel...

5.8 CVSS, 6.5 AI score, 0.00545 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2023/02/07 11:31 a.m., 26 views

CVE-2015-10075 Custom-Content-Width custom-content-width.php register_settings cross site scripting

A vulnerability was found in Custom-Content-Width 1.0. It has been declared as problematic. Affected by this vulnerability is the function overridecontentwidth/registersettings of the file custom-content-width.php. The manipulation leads to cross site scripting. The attack can be launched remotel...

2.6 CVSS, 6 AI score, 0.00545 EPSS
Exploits 0, References 3

NVD
added 2023/02/06 8:15 p.m., 19 views

CVE-2023-0686

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function updatecart of the file /oews/classes/Master.php?f=updatecart of the component HTTP POST Request Handler. The manipulation of the argument cartid leads to sql injectio...

9.8 CVSS, 6.6 AI score, 0.00552 EPSS
Exploits 0, References 2

Prion
added 2023/02/06 8:15 p.m., 25 views

Sql injection

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function updatecart of the file /oews/classes/Master.php?f=updatecart of the component HTTP POST Request Handler. The manipulation of the argument cartid leads to sql injectio...

4.6 CVSS, 9.7 AI score, 0.00552 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2023/02/06 6:50 p.m., 20 views

CVE-2023-0686 SourceCodester Online Eyewear Shop HTTP POST Request update_cart sql injection

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function updatecart of the file /oews/classes/Master.php?f=updatecart of the component HTTP POST Request Handler. The manipulation of the argument cartid leads to sql injectio...

5 CVSS, 10 AI score, 0.00552 EPSS
Exploits 0, References 2

RedhatCVE
added 2023/02/06 5:56 a.m., 35 views

CVE-2018-25079

A flaw was found in the is-url package. The manipulation leads to inefficient regular expression complexity...

7.5 CVSS, 2.7 AI score, 0.00944 EPSS
Exploits 0, References 3

Cvelist
added 2023/02/05 7:57 p.m., 13 views

CVE-2017-20175 DaSchTour matomo-mediawiki-extension Username Piwik.hooks.php cross site scripting

A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2 on MediaWiki. This affects an unknown part of the file Piwik.hooks.php of the component Username Handler. The manipulation leads to cross site scripting. It is possible to initiate the...

2.6 CVSS, 6 AI score, 0.00614 EPSS
Exploits 1, References 5

Prion
added 2023/02/04 8:15 a.m., 18 views

Sql injection

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/viewproduct.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...

4.6 CVSS, 8.3 AI score, 0.00457 EPSS
Exploits 0, References 2, Affected Software 1

Github Security Blog
added 2023/02/04 6:30 a.m., 221 views

is-url Inefficient Regular Expression Complexity vulnerability

A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is an unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2....

7.5 CVSS, 3.6 AI score, 0.00944 EPSS
Exploits 0, References 7, Affected Software 1

Prion
added 2023/02/04 4:15 a.m., 8 views

Information disclosure

A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version...

5 CVSS, 7.5 AI score, 0.00944 EPSS
Exploits 0, References 5, Affected Software 1

Cvelist
added 2023/02/04 3:57 a.m., 19 views

CVE-2018-25079 Segmentio is-url index.js redos

A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version...

4.3 CVSS, 7.5 AI score, 0.00944 EPSS
Exploits 0, References 5

IBM Security Bulletins
added 2023/02/02 8:24 p.m., 33 views

Security Bulletin: IBM App Connect Enterprise Certified Container flows that use scheduled event nodes may be vulnerable to denial of service due to [CVE-2023-22467]

Summary Node.js module moment.js Luxon is used by IBM App Connect Enterprise Certified Container in the scheduled event node. IBM App Connect Enterprise Certified Container IntegrationServer and DesignerAuthoring operands that run flows containing a scheduled event node may be vulnerable to denia...

7.5 CVSS, 7.3 AI score, 0.01707 EPSS
Exploits 0, Affected Software 1

NVD
added 2023/02/02 9:15 a.m., 20 views

CVE-2023-0641

A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password...

9.1 CVSS, 5.8 AI score, 0.01005 EPSS
Exploits 1, References 3

Prion
added 2023/02/02 9:15 a.m., 14 views

Design/Logic Flaw

A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password...

2.6 CVSS, 9.2 AI score, 0.01005 EPSS
Exploits 1, References 3, Affected Software 1

Veracode
added 2023/02/02 6:11 a.m., 14 views

Denial Of Service (DoS)

libcmark-gfm.so is vulnerable to Denial of Service DoS attacks. A malicious user is able to pass various commands with very large values through inlines.c, causing the running time to increase quadratically due to polynomial time complexity issues, resulting in an application crash...

7.5 CVSS, 7.3 AI score, 0.01108 EPSS
Exploits 1, References 3, Affected Software 4

ICS
added 2023/02/02 12:0 a.m., 39 views

Delta Electronics DIAScreen

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DIAScreen Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of...

7.8 CVSS, 8.7 AI score, 0.02163 EPSS
Exploits 0, References 4

OSV
added 2023/01/29 7:15 p.m., 10 views

CVE-2016-15022

A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file checksystem.php. The manipulation of the argument $SERVER'SERVERSOFTWARE' leads to cross site scripting. The attack can be launched...

6.1 CVSS, 6 AI score
Exploits 0, References 4

OSV
added 2023/01/27 2:15 p.m., 2 views

CVE-2022-44717

An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur issue 1 of 2. After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack...

3.1 CVSS, 5.8 AI score, 0.0028 EPSS
Exploits 0, References 1