
12 matches found

Snyk
added 2024/10/09 6:45 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the interface strings for dates. An attacker can execute arbitrary scripts in the context of the user's browser by embedding malicious payloads in these messages. Details: Cross-site scripting (or XSS) is a cod...

CVSS 6 · AI score 5.5 · EPSS 0.00144
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 5:11 a.m. · 2 views

SUSE CVE-2015-8729

The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service out-of-bounds read and...

CVSS 5.5 · AI score 6.7 · EPSS 0.00885
Exploits 1 · References 5
RedHat Linux
added 2023/01/31 1:18 p.m. · 3 views

nodejs-moment: Regular expression denial of service

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...

CVSS 7.8 · AI score 7.3 · EPSS 0.02708
Exploits 1 · References 4
RedHat Linux
added 2023/01/31 1:12 p.m. · 3 views

nodejs-moment: Regular expression denial of service

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...

CVSS 7.8 · AI score 7.3 · EPSS 0.02708
Exploits 1 · References 4
RedHat Linux
added 2022/10/11 7:30 a.m. · 1 views

ruby: Regular expression denial of service vulnerability of Date parsing methods

A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service (ReDoS) during the parsing of dates. This flaw allows an attacker to hang a ruby application by providing a specially crafted date string. The highest threat to this vulnerability is...

CVSS 7.5 · AI score 7.2 · EPSS 0.00495
Exploits 1 · References 5
RedHat Linux
added 2022/02/21 9:4 a.m. · 2 views

ruby: Regular expression denial of service vulnerability of Date parsing methods

A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service (ReDoS) during the parsing of dates. This flaw allows an attacker to hang a ruby application by providing a specially crafted date string. The highest threat to this vulnerability is...

CVSS 7.5 · AI score 7.2 · EPSS 0.00495
Exploits 1 · References 5
OSV
added 2020/01/20 8:15 p.m. · 1 views

CVE-2020-7241

The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 20200..10..20..30..9 format, guessing UNIX...

CVSS 7.5 · AI score 7.1 · EPSS 0.005
Exploits 1 · References 3
Veracode
added 2019/05/16 2:59 a.m. · 38 views

Information Disclosure

PHP is vulnerable to information disclosure. This is because an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to...

CVSS 7.5 · AI score 8.1 · EPSS 0.08257
Exploits 2 · References 15 · Affected Software 2
Positive Technologies
added 2017/09/08 12:0 a.m. · 1 views

PT-2017-4100 · Moment.Js +2 · Moment +2

Name of the Vulnerable Software and Affected Versions: moment versions prior to 2.19.3 Description: The issue is related to a regular expression denial of service via a crafted date string. It allows a remote attacker to cause a denial of service. The vulnerability is associated with an...

CVSS 7.8 · AI score 6.3 · EPSS 0.02708
Exploits 1 · References 27
OSV
added 2015/01/16 4:59 p.m. · 1 views

DEBIAN-CVE-2014-9471

The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command...

CVSS 7.5 · AI score 7.2 · EPSS 0.04258
Exploits 1 · References 1
Tenable Nessus
added 2012/09/14 12:0 a.m. · 27 views

Debian DSA-2548-1 : tor - several vulnerabilities

Several vulnerabilities have been discovered in Tor, an online privacy tool. - CVE-2012-3518 Avoid an uninitialised memory read when reading a vote or consensus document that has an unrecognized flavour name. This could lead to a remote crash, resulting in denial of service. - CVE-2012-3519 Try t...

CVSS 5 · AI score 8.1 · EPSS 0.01621
Exploits 0 · References 10
OSV
added 2006/01/25 12:0 a.m. · 9 views

DSA-955-1 mailman - DoS

Bulletin has no description...

CVSS 7.8 · AI score 6.3 · EPSS 0.08698
Exploits 0