9157 matches found
PT-2017-4265 · Gnu +2 · Gnu C Library +2
Name of the Vulnerable Software and Affected Versions: GNU C Library (affected versions not specified). Description: The issue is related to the pop_fail_stack function in the GNU C Library, which can be exploited by attackers to cause a denial of service, resulting in an assertion failure and...
[SECURITY] Fedora 24 Update: pcre-8.40-2.fc24
PCRE, Perl-compatible regular expression, library has its own native API, but a set of wrapper functions that are based on the POSIX API are also supplied in the libpcreposix library. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...
CVE-2017-6004
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression...
Pornhub: http://ht.pornhub.com/ stored XSS in widget stylesheet
The researcher discovered a way to include JavaScript content through the CSS editor by leveraging the expression dynamic property...
CVE-2016-6233
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern \w in a regular expression...
Sql injection
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern \w in a regular expression...
UBUNTU-CVE-2017-6004
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression...
DEBIAN-CVE-2017-6004
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression...
GLSA-201702-06 : Graphviz: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201702-06 (Graphviz: Multiple vulnerabilities). Multiple vulnerabilities in Graphviz were discovered. Please review the CVE identifiers referenced below for details. Impact: A remote attacker, able to control input matched against a...
Graphviz: Multiple vulnerabilities
Background: Graphviz is an open source graph visualization software. Description: Multiple vulnerabilities in Graphviz were discovered. Please review the CVE identifiers referenced below for details. Impact: A remote attacker, able to control input matched against a regular expression or by enticing...
ReDoS via long UserAgent header
Overview: Affected versions of useragent are vulnerable to regular expression denial of service when an arbitrarily long User-Agent header is parsed. Proof of Concept: var useragent = require('useragent'); var badUserAgent = 'MSIE 0.0'+Array(900000).join('0')+'XBLWP'; var request = 'GET /...
Artifex MuJS 'regexp.c' Integer Overflow Vulnerability
Artifex Software MuJS is a lightweight JavaScript interpreter from Artifex Software, USA, designed to be embedded in other software to provide script execution capabilities. An integer overflow vulnerability exists in the 'jsregcomp' function of the regexp.c file in Artifex Software MuJS. An...
Design/Logic Flaw
PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression...
CVE-2017-5677
PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression...
CVE-2017-5677
Summary: CVE-2017-5677 affects PEAR HTML_AJAX versions 0.3.0–0.5.7. The vulnerability is a PHP Object Injection in the HTML_AJAX_Serializer_PHP class, which uses unserialize() on user-controlled input. The root cause is described as an incorrect regular expression used to extract class names, all...