9244 matches found
CVE-2020-7141
A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-7141
Vulnerability: HPE Intelligent Management Center (iMC) prior to 7.3 (E0705P07) is affected by a remote code execution through adddevicetoview Expression Language Injection. Root cause (per ZDI): improper handling/validation of the beanName parameter in addDeviceToView.xhtml, enabling arbitrary co...
CVE-2020-24651
HPE Intelligent Management Center (iMC) before PLAT 7.3 (E0705P07) is affected by CVE-2020-24651. The issue is a syslogTempletSelectWin expression language injection in the SyslogTempletSelectWin.xhtml endpoint, enabling remote code execution with SYSTEM privileges. Exploitation details indicate ...
CVE-2020-24650
The CVE-2020-24650 issue affects HPE Intelligent Management Center (iMC) prior to PLAT 7.3 (E0705P07). It is a legend expression language injection vulnerability in the legend.xhtml handling of the beanName parameter, enabling remote code execution. Exploitation is described as network-based with...
CVE-2020-24650
A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
Remote Code Execution (RCE)
oniguruma is vulnerable to remote code execution RCE. The vulnerability exists as a buffer overflow can occur through a regular expression for compilation in concatoptexactstr in src/regcomp.c...
Regular Expression Denial of Service
Overview npm-user-validate before version 1.0.1 is vulnerable to a Regular Expression Denial of Service REDos. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. Impact The issue affects the email function. If you use this...
Regular Expression Denial of Service in npm-user-validate
npm-user-validate before version 1.0.1 is vulnerable to a Regular Expression Denial of Service REDos. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. Impact The issue affects the email function. If you use this function to...
GHSA-XGH6-85XH-479P Regular Expression Denial of Service in npm-user-validate
npm-user-validate before version 1.0.1 is vulnerable to a Regular Expression Denial of Service REDos. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. Impact The issue affects the email function. If you use this function to...
Regular Expression Denial of Service (ReDoS)
Overview lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the toNumber, trim and trimEnd functions. POC var lo = require'lodash'; function buildblank n var...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the toNumber, trim and trimEnd functions. POC var lo = require'lodash'; function buildblank n var ret = "1" for var i = 0; i n; i++ ret += " " return ret + "1"; var s = buildblank50000 var...
Regular Expression Denial of Service (ReDoS)
Overview djvalidator is a DjValidator is the jquery plugin for validating web forms, simpler, faster to use and flexible, it does not depend on any UI framework. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS by sending crafted invalid emails - for...
hibernate-validator: Improper input validation in the interpolation of constraint error messages
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation escaping, stripping controls that developers may have put in place...
Regular Expression Denial of Service (ReDoS)
Overview express-validators is an Express framework json objectreq validator. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS when validating specifically-crafted invalid urls. POC: var expressValidators = require"express-validators"; var Obj =...
Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes
Researchers are warning of a recent dramatic uptick in the activity of the Lemon Duck cryptocurrency-mining botnet, which targets victims’ computer resources to mine the Monero virtual currency. Click to Register! Researchers warn that Lemon Duck is “one of the more complex” mining botnets, with...
Regular Expression Denial of Service (ReDoS)
Overview trim is a Trim string whitespace Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the trim method. PoC by Liyuan Chen: js var trim = require"trim" function buildattack n var ret = "1" for var i = 0; i n; i++ ret += " " return ret + "1"; v...
Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7
Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 Vaadin 7.0.0 through 7.7.21 allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. See CWE-400: Uncontrolled Resource Consumption Description...
Regular Expression Denial of Service (ReDoS)
Overview dat.gui is an A lightweight graphical user interface for changing variables in JavaScript. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via specially crafted rgb and rgba values. PoC js var gui = new dat.gui.GUI; var Options = function...
CVE-2020-15598
Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can result in a Denial...
Cisco IOS Software Split DNS DoS (cisco-sa-splitdns-SPWqpdGW)
According to its self-reported version, Cisco IOS Software is affected by a denial of service DoS vulnerability as the Split DNS feature's regular expression regex engine may time out when processing the DNS name list configuration. An unauthenticated, remote attacker could cause an affected devi...