9184 matches found
Design/Logic Flaw
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...
Denial of service
jshamcrest is vulnerable to regular expression denial of service ReDoS when certain types of user input is passed in to the emailAddress validator...
CVE-2015-9239
ansi2html is vulnerable to regular expression denial of service ReDoS when certain types of user input is passed in...
CVE-2016-10539
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...
UBUNTU-CVE-2016-10539
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...
CVE-2016-10539
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...
CVE-2016-10539
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...
marked npm module "heading" ReDoS
This module exploits a Regular Expression Denial of Service vulnerability in the npm module "marked". The vulnerable portion of code that this module targets is in the "heading" regular expression. Web applications that use "marked" for generating html from markdown are vulnerable. Versions up to...
JerryScript heap buffer overread vulnerability (CNVD-2018-15379)
JerryScript is a lightweight JavaScript engine designed to run on very constrained devices such as microcontrollers. A heap buffer over-read vulnerability exists in the litreadcodeunitfromutf8 function in JerryScript 1.0 related to reparsecharclass in parser/regexp/re-parser.c. An attacker can...
UBUNTU-CVE-2018-11419
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromhex function via a RegExp"\u0" payload, related to reparsecharclass in parser/regexp/re-parser.c...
UBUNTU-CVE-2018-11418
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromutf8 function via a RegExp"\u0020" payload, related to reparsecharclass in parser/regexp/re-parser.c...
CVE-2018-11418
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromutf8 function via a RegExp"\u0020" payload, related to reparsecharclass in parser/regexp/re-parser.c...
SQL Injection Discovery Tool: SleuthQL
SleuthQL is a python3 script to identify parameters and values that contain SQL-like syntax. Once identified, SleuthQL will then insert SQLMap identifiers into each parameter where the SQL-esque variables were identified. SleuthQL aims to augment an assessor’s ability to discover SQL injection...
Regular Expression Denial Of Service (ReDoS)
diff is vulnerable to regular expression denial of service ReDoS attacks. The vulnerability exists due to the usage of improper regular expression that would cause a ReDoS attack when parsing malicious strings...
HPE iMC 7.3 - Remote Code Execution (Metasploit)
Exploit Title: HPE iMC EL Injection Unauthenticated RCE Date: 6 February, 2018 Exploit Author: TrendyTofu Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link: http://h10145.www1.hpe.com/Downloads/SoftwareReleases.aspx?ProductNumber=JG747AAE&lang=en&cc=us&prodSeriesId=4176535 Versio...
HPE iMC 7.3 - Remote Code Execution (Metasploit)
HPE iMC 7.3 - Remote Code Execution Metasploit Exploit Title: HPE iMC EL Injection Unauthenticated RCE Date: 6 February, 2018 Exploit Author: TrendyTofu Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link:...
HPE iMC 7.3 - Remote Code Execution Exploit
Exploit for windows platform in category remote exploits Exploit Title: HPE iMC EL Injection Unauthenticated RCE Date: 6 February, 2018 Exploit Author: TrendyTofu Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link:...
HPE iMC 7.3 Remote Code Execution
Exploit Title: HPE iMC EL Injection Unauthenticated RCE Date: 6 February, 2018 Exploit Author: TrendyTofu Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link: http://h10145.www1.hpe.com/Downloads/SoftwareReleases.aspx?ProductNumber=JG747AAE&lang=en&cc=us&prodSeriesId=4176535 Versio...
CVE-2018-7158
The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...
DEBIAN-CVE-2018-7158
The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...