Luxon Inefficient Regular Expression Complexity vulnerability
Impact: Luxon's DateTime.fromRFC2822 has quadratic (N^2) complexity on some specific inputs. This causes a noticeable slowdown for inputs with lengths above 10k characters. Users providing untrusted data to this method are therefore vulnerable to ReDoS attacks. This is the same bug as Moment's...
CVE-2023-22467
Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's DateTime.fromRFC2822 has quadratic (N^2) complexity on some specific inputs. This causes a noticeable slowdown for inputs with...
CVE-2023-22467 luxon.js inefficient regular expression complexity vulnerability
Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's DateTime.fromRFC2822 has quadratic (N^2) complexity on some specific inputs. This causes a noticeable slowdown for inputs with...
BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id
The plugin suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank-you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter. PoC curl -s...
BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id
The plugin suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank-you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter. curl -s...
labnet.fi Cross Site Scripting vulnerability OBB-3082244
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CLSA-2022-1660810242 Fix CVE(s):
Security fixes: - JDK-8148005: One byte may be corrupted by getdatetimestring...
CLSA-2022-1660760293 Fix CVE(s):
Security fixes: - JDK-8148005: One byte may be corrupted by getdatetimestring...
CVE-2022-31039
creationtimestamp | type | source
---|---|---
2022-06-28 00:35:04+00:00 | seen | https://t.me/cibsecurity/45228...
Malicious code in datetime-moment-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4dbad972d8a1e6a5b70734879b2d6a249167a1e846cfe603d6733b150906d8fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2355 Malicious code in datetime-moment-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4dbad972d8a1e6a5b70734879b2d6a249167a1e846cfe603d6733b150906d8fa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MGASA-2022-0234 Updated php packages fix security vulnerability
CLI: Fixed bug 8575 (CLI closes standard streams too early). Core: Fixed Haiku ZTS builds. Date: Fixed bug 8471 (Segmentation fault when converting immutable and mutable DateTime instances created using reflection). php-fpm: Fixed bug 72185 (writes empty fcgi record causing nginx 502). Mysqlnd: Fixed...
CVE-2022-28363
creationtimestamp | type | source
---|---|---
2022-04-09 20:14:13+00:00 | seen | https://t.me/cibsecurity/40429...
WordPress Bulk Datetime Change plugin licensing issue vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the WordPress Bulk Datetime Change plugin, which stems from a...
CVE-2021-24842
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks, which allows users with Contributor roles to (1) list private post titles of other users and (2) change the posted date of other users' posts...
Design/Logic Flaw
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks, which allows users with Contributor roles to (1) list private post titles of other users and (2) change the posted date of other users' posts...
CVE-2021-24842
The CVE-2021-24842 entry concerns the WordPress Bulk Datetime Change plugin (versions before 1.12). The vulnerability arises from missing capability checks, enabling users with Contributor roles to: 1) list private post titles of other users, and 2) change the posted date of other users’ posts. I...
PT-2021-16324 · WordPress · Bulk Datetime Change
Name of the Vulnerable Software and Affected Versions: Bulk Datetime Change WordPress plugin versions prior to 1.12 Description: The issue allows users with Contributor roles to list private post titles of other users and change the posted date of other users' posts due to a lack of capability...