arxius: Open redirects protection bypass
Hello, The regular expression that you are using to validate the redirect GET parameter for the /signup and /login endpoints is not complete, which allows an attacker to bypass your open redirects protection in order to redirect victims to malicious pages. The following are two PoCs, one for each...
[SECURITY] Fedora 25 Update: yara-3.6.0-1.fc25
YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strin...
Auto-binding vulnerabilities and Spring MVC-vulnerability warning-the black bar safety net
Today we introduce a not very well-known vulnerability: the auto-binding vulnerability, also referred to as mass assignment. Many frameworks implement automatic binding, which allows the framework to automatically convert HTTP request parameters and bind them to an object and to...
CVE-2017-9729
In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression...
DEBIAN-CVE-2017-9729
In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression...
CVE-2017-9728
In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression...
Out-of-bounds
In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression...
CVE-2017-9728
In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression...
CVE-2017-9729
In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression...
CVE-2017-9729
In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression...
CVE-2017-9728
In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression...
CVE-2017-9728
In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression...
CVE-2017-9728
CVE-2017-9728 affects uClibc 0.9.33.2, with an out-of-bounds read in the get_subexp function of misc/regex/regexec.c when processing a crafted regular expression. The connected sources consistently describe this exact issue; no remediation or patch details are provided in the supplied documents. ...
CVE-2017-9729
In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression...
[SECURITY] Fedora 26 Update: yara-3.6.0-1.fc26
YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strin...
CVE-2017-4971: Spring WebFlow remote code execution vulnerability analysis-vulnerability warning-the black bar safety net
Spring has traditionally not had many severe vulnerabilities. The more serious earlier problem was Spring's JavaBean automatic binding function, which made it possible to control class and could lead to the execution of arbitrary code by using certain characteristics, but that...
Internet Bug Bounty: PHP mbstring / Oniguruma multiple remote heap/stack corruptions
Oniguruma 1 by K. Kosako is a BSD licensed regular expression library that supports a variety of character encodings. The Ruby programming language, in version 1.9, as well as PHP's multi-byte string module since PHP5, use Oniguruma as their regular expression engine. It is also used in products...
UBUNTU-CVE-2017-9438
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304...
WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope
WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1173 When a super expression is used in an arrow function, the following code, which generates bytecode, is called. if...
WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1173 When a super expression is used in an arrow function, the following code, which generates bytecode, is called. if (needsToUpdateArrowFunctionContext() && !codeBlock->isArrowFunction()) { bool canReuseLexicalEnvironment =...