Lucene search

9085 matches found

Prion
added 2014/12/15 6:59 p.m. | 14 views

Code injection

An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression match attempt, aka ZEN-15411...

CVSS 5 | AI score 7.4 | EPSS 0.00736
Exploits: 0 | References: 2 | Affected Software: 1

n0where
added 2014/12/12 10:47 a.m. | 42 views

Next Generation Snort IPS: Snort3

The Snort++ project has been hard at work for a while now and we have released the third alpha of the next generation Snort IPS (Intrusion Prevention System). This file will show you what Snort++ has to offer and guide you through the steps from download to demo. If you are unfamiliar with Snort yo...

AI score 6.9
Exploits: 0 | References: 3

Fedora
added 2014/12/12 4:15 a.m. | 36 views

[SECURITY] Fedora 21 Update: pcre-8.35-8.fc21

Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...

CVSS 5 | AI score 1.1 | EPSS 0.02057
Exploits: 0

seebug.org
added 2014/12/11 12:0 a.m. | 24 views

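ThinkPHP's unsound architecture design easily leads to SQL injection

Brief description: Not as serious as the previous issue, but it is still a latent design hazard in ThinkPHP; I am raising it in the hope that it gets changed, though if it is ignored there is nothing I can do. In fact, the significance of these two holes goes beyond that: this is the era in which frameworks are popular, and this is a new line of thinking for injection. Details: This issue really starts with the MongoDB injection post that Th1nk published a while ago, http://drops.wooyun.org/tips/3939, which mentions one MongoDB injection technique:...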

AI score 7.1
Exploits: 0

0day.today
added 2014/12/10 12:0 a.m. | 33 views

Adobe Flash Player Regular Expression Object Out-Of-Bound Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose arbitrary memory on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Regular Expressio...

CVSS 5 | AI score 1.2 | EPSS 0.01902
Exploits: 1

Zero Day Initiative
added 2014/12/09 12:0 a.m. | 26 views

Adobe Flash Player Regular Expression Object Out-Of-Bound Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose arbitrary memory on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Regular Expressio...

CVSS 6.8 | AI score 5.7 | EPSS 0.01902
Exploits: 1 | References: 1

seebug.org
added 2014/12/01 12:0 a.m. | 22 views

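A SQL injection in phpok

Brief description: phpok4.2.083, freshly downloaded. Details: 1. The safekey is fixed, which makes the encryption function reversible. 2. The attack request is sent after encrypting with the fixed safekey; the encrypted content is decrypted in the code, which bypasses the filtering. In /install/index.php: $content = filegetcontentsROOT."config.php"; // find and replace $content = pregreplace'/$config"db"\"file"\s=\s'|"a-zA-Z0-9-\'|";/isU','$config"db""file" = "'.$dbconfig'file'.'";',$content;...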

AI score 7.1
Exploits: 0

ArchLinux
added 2014/11/26 12:0 a.m. | 45 views

pcre: heap buffer overflow

A heap buffer overflow issue was found in PCRE when processing a specially crafted regular expression, causing a denial of service or other unspecified impact...

CVSS 5 | AI score 3.5 | EPSS 0.02057
Exploits: 0 | References: 3

ThreatPost
added 2014/11/21 9:52 a.m. | 10 views

WordPress 4.0.1 Cross-Site Scripting Vulnerability Patch

WordPress’s latest update, 4.0.1, patches a critical cross-site scripting vulnerability affecting comment boxes on websites running the content management system software. An attacker would need only to inject malicious JavaScript into a comment that would infect a reader viewing it on the webpag...

AI score 5.8
Exploits: 0 | References: 3

Tenable Nessus
added 2014/11/12 12:0 a.m. | 35 views

CentOS 6 : glibc (CESA-2013:1605)

Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,...

CVSS 5 | AI score 7.5 | EPSS 0.03104
Exploits: 3 | References: 4

Tenable Nessus
added 2014/11/08 12:0 a.m. | 60 views

RHEL 4 : JBoss EWP (RHSA-2013:0197)

Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

CVSS 10 | AI score 7.8 | EPSS 0.5129
Exploits: 7 | References: 30

RedHat Linux
added 2014/10/30 7:45 p.m. | 0 views

file: unrestricted regular expression matching

Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU...

CVSS 5 | AI score 7.2 | EPSS 0.33041
Exploits: 1 | References: 4

RedHat Linux
added 2014/10/30 7:45 p.m. | 1 views

file: unrestricted regular expression matching

Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU...

CVSS 5 | AI score 7.2 | EPSS 0.33041
Exploits: 1 | References: 4

Tenable Nessus
added 2014/10/22 12:0 a.m. | 35 views

Mandriva Linux Security Advisory : bugzilla (MDVSA-2014:200)

Updated bugzilla packages fix security vulnerabilities: If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group (CVE-2014-1571). An attacker creating a new...

CVSS 5 | AI score 6.5 | EPSS 0.01104
Exploits: 0 | References: 4

Hacker One
added 2014/10/15 7:18 a.m. | 54 views

Internet Bug Bounty: Adobe Flash Player Out-of-Bound Read/Write Vulnerability

I. Summary Adobe Flash Player is prone to a vulnerability which leads to Out-of-Bound access of memory. During the compilation of a malformed regular expression, relevant operations would cause Out-of-Bound Read/Write of stack and heap memory. Successful exploits may allow an attacker to gain...

CVSS 10 | AI score 7.2 | EPSS 0.06121
Exploits: 0

Tenable Nessus
added 2014/10/02 12:0 a.m. | 32 views

Mandriva Linux Security Advisory : perl-Email-Address (MDVSA-2014:192)

Updated perl-Email-Address package fixes security vulnerability: The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address...

CVSS 5 | AI score 7.2 | EPSS 0.01423
Exploits: 2 | References: 3

OpenVAS
added 2014/10/01 12:0 a.m. | 62 views

CentOS Update for php CESA-2014:1327 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.8 | AI score 7 | EPSS 0.37602
Exploits: 7 | References: 2

Tenable Nessus
added 2014/10/01 12:0 a.m. | 242 views

Oracle Linux 7 : php (ELSA-2014-1327)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1327 advisory.
- gd: fix NULL pointer dereference in gdImageCreateFromXpm. CVE-2014-2497
- gd: fix NUL byte injection in file names. CVE-2014-5120
- fileinfo: fix...

CVSS 6.8 | AI score 7.3 | EPSS 0.37602
Exploits: 8 | References: 9

Cent OS
added 2014/09/30 10:59 a.m. | 89 views

php security update

CentOS Errata and Security Advisory CESA-2014:1327 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, whic...

CVSS 6.8 | AI score 7.3 | EPSS 0.37602
Exploits: 7 | References: 7

RedHat Linux
added 2014/09/30 9:9 a.m. | 45 views

Moderate: Red Hat Security Advisory: php security update

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for...

CVSS 6.8 | AI score 7.3 | EPSS 0.37602
Exploits: 7 | References: 9