Apache Struts REST Plugin OGNL Expression Handling RCE

Remote command execution vulnerability in Apache Struts REST Plugin OGNL expression handling Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

Apache Struts Dynamic Method Invocation Expression Handling RCE

Remote command execution vulnerability in Apache Struts Dynamic Method Invocation expression handling Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

Regular Expression Denial Of Service (ReDoS)

braces is vulnerable to Regular expression Denial of Service ReDoS. parser.js uses regular expression ^\,+?:\,+\,|,?:\,+\,+\ to detects empty braces, consuming 10 seconds matching time for data 50K characters long...

CVE-2018-6798

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure...

DEBIAN-CVE-2018-6798

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure...

Heap overflow

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written...

ALPINE-CVE-2018-6797

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written...

CVE-2018-6798

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure...

CVE-2018-6797

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written...

CVE-2018-6797

CVE-2018-6797 affects Perl 5.18–5.26. A crafted regular expression can trigger a heap-based buffer overflow, with control over written bytes. Public references in the provided documents confirm this vulnerability in Perl and note fixes/updates across distributions (e.g., Fedora perl-5.26.x/CF pat...

CVE-2018-6797

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written...

Regular Expression Denial Of Service (ReDoS)

marked is vulnerable to regular expression denial-of-service ReDoS attacks. The vulnerability exists as a vulnerable regex for parsing heading causes catastrophic backtracking is used in lib/marked.js, allowing a malicious input to consume resources to cause a ReDoS attack...

CVE-2018-9153

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the appid parameter to zbusers/plugin/AppCentre/pluginedit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directl...

Cross site request forgery (csrf)

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the appid parameter to zbusers/plugin/AppCentre/pluginedit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directl...

Debian DSA-4172-1 : perl - security update

Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-6797 Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow...

Internet Bug Bounty: CVE-2018-6797: A crafted regular expression can cause a heap buffer write overflow in Perl 5 giving a remote attacker control over bytes written

An attacker supplies a regular expression containing one or more \xDF characters after an escape putting the regexp into unicode matching mode, such as a \N escape. Each \xDF character adds one byte of overflow, and any other text in the regular expression is written in order, providing the...

CVE-2018-6797

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written...

Spring Data Commons Remote Code Execution Vulnerability

Spring Data is a project module in the Spring Framework that provides access to the underlying data , Spring Data Commons is a shared base module . A remote code execution vulnerability exists in Spring Data Commons. The vulnerability is due to the Spring Data Commons module using SpEl expression...

Netwide Assembler De-Zero Vulnerability

Netwide Assembler NASM is a portable, modular 80x86 and x86-64 assembler. A divide-by-zero vulnerability exists in the expr5 function in asm/eval.c in Netwide Assembler NASM 2.14rc0. An attacker can exploit this vulnerability via a malformed input file to cause a divide-by-zero error...

LinkFinder - A Python Script That Finds Endpoints In JavaScript Files

LinkFinder is a python script written to discover endpoints and their parameters in JavaScript files. This way penetration testers and bug hunters are able to gather new, hidden endpoints on the websites they are testing. Resulting in new testing ground, possibility containing new vulnerabilities...