9154 matches found
VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read Exploit
Exploit for windows platform in category dos / poc. Source: http://blog.skylined.nl/20161108001.html Synopsis: A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to run such a script in any...
VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read
VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read. Source: http://blog.skylined.nl/20161108001.html Synopsis: A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to...
VBScript RegExpComp::PnodeParse Out-Of-Bounds Read
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the sixth entry in that series. The below information is available in more detail on my blog at http://blog.skylined.nl/20161108001.html. There you can find a repro th...
nodejs-tough-cookie: regular expression DoS via Cookie header with many semicolons
A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Tough-Cookie parse an HTTP header with many semicolons could cause the application to consume an excessive amount of CPU...
HackerOne: Limited Open redirection using SSO-SAML
Hello, Endpoint: https://hackerone.com/users//saml/[email protected]&rememberme=true Recently, you have patched an open redirection issue which was reported as 171398. I found a bypass of that patch. Steps to reproduce: 1. Add following in comment/report :...
Limny 2.2 Expression Language Injection
======================================================================== | Title : limny 2.2 Expression language injection vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 8.1 Français V.Pro | Version : 2.2 | Vendor : http://www.limny.org/ | Dork : n/a...
CentOS Update for tomcat CESA-2016:2046 centos7
Check the version of tomcat. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882575");...
Tomcat/JbossWeb: security manager bypass via EL expressions
It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections...
Apache Mina 2.0.13 - Remote Command Execution
Apache Mina 2.0.13 - Remote Command Execution. Webapps exploit for Java platform. Abstract: Apache Mina 2.0.13 uses the OGNL library in the “IoSessionFinder” class. Its constructor takes one OGNL expression as a parameter. Then this expression is execut...
Mindoktor: Vulnerable Mobile Phone configuration
Information I've found that when you register in "https://clinic.mindoktor.se/user/register", there is a specific field that says: "Mobile Phone - is needed to receive one-time codes via SMS". According to the description: You need your mobile phone every time you log in, so for every login an sm...
FreeBSD : FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3) (70140f20-6007-11e6-a6c3-14dae9d210b8)
A specifically crafted Composite Document File (CDF) file can trigger an out-of-bounds read or an invalid pointer dereference. [CVE-2012-1571] A flaw in regular expression in the awk script detector makes use of multiple wildcards with unlimited repetitions. [CVE-2013-7345] A malicious input file could...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise security update
An update is now available for Red Hat OpenShift Enterprise 3.1 and Red Hat OpenShift Enterprise 3.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
nodejs-minimatch: Regular expression denial-of-service
A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU...
Moderate: Red Hat Security Advisory: nodejs010-nodejs-minimatch security update
An update for nodejs010-nodejs-minimatch is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: rh-nodejs4-nodejs-minimatch security update
An update for rh-nodejs4-nodejs-minimatch is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
ReDoS via long string of semicolons
Overview Affected versions of tough-cookie may be vulnerable to regular expression denial of service when long strings of semicolons exist in the Set-Cookie header. Recommendation Update to version 2.3.0 or later. References GitHub Advisory...
Vulnerability in the Apache Struts software platform that allows a hacker to execute arbitrary code
A vulnerability in the REST plugin for the Apache Struts software platform exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted expression...
PT-2018-17919 · Node.Js +2
Name of the Vulnerable Software and Affected Versions: Node.js versions 4.x. Description: The issue concerns a potential regular expression denial of service (ReDoS) vector in the 'path' module. This module is used for various path parsing functions, including path.dirname, path.extname, and...
Spring Boot Framework SPEL Expression Injection Vulnerability
Spring is a lightweight Java development framework. Spring Boot is a core subproject of Spring, which is designed to simplify the initial setup of new Spring applications and the development process. Spring Boot Framework SPEL Expression Injection Vulnerability. As the user adopts Spring Boot ...
CVE-2016-1000022
A regular expression denial of service flaw was found in Negotiator. An attacker able to make an application using Negotiator to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU...