9269 matches found
CVE-2016-10539
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...
CVE-2016-10520
jadedown is vulnerable to regular expression denial of service ReDoS when certain types of user input is passed in...
Denial of service
jshamcrest is vulnerable to regular expression denial of service ReDoS when certain types of user input is passed in to the emailAddress validator...
CVE-2016-10521
jshamcrest is vulnerable to regular expression denial of service ReDoS when certain types of user input is passed in to the emailAddress validator...
Input validation
jadedown is vulnerable to regular expression denial of service ReDoS when certain types of user input is passed in...
Design/Logic Flaw
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...
Input validation
ansi2html is vulnerable to regular expression denial of service ReDoS when certain types of user input is passed in...
CVE-2015-9239
ansi2html is vulnerable to regular expression denial of service ReDoS when certain types of user input is passed in...
UBUNTU-CVE-2016-10539
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...
CVE-2016-10539
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...
CVE-2016-10539
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string...
marked npm module "heading" ReDoS
This module exploits a Regular Expression Denial of Service vulnerability in the npm module "marked". The vulnerable portion of code that this module targets is in the "heading" regular expression. Web applications that use "marked" for generating html from markdown are vulnerable. Versions up to...
JerryScript heap buffer overread vulnerability (CNVD-2018-15379)
JerryScript is a lightweight JavaScript engine designed to run on very constrained devices such as microcontrollers. A heap buffer over-read vulnerability exists in the litreadcodeunitfromutf8 function in JerryScript 1.0 related to reparsecharclass in parser/regexp/re-parser.c. An attacker can...
UBUNTU-CVE-2018-11418
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromutf8 function via a RegExp"\u0020" payload, related to reparsecharclass in parser/regexp/re-parser.c...
CVE-2018-11418
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromutf8 function via a RegExp"\u0020" payload, related to reparsecharclass in parser/regexp/re-parser.c...
UBUNTU-CVE-2018-11419
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromhex function via a RegExp"\u0" payload, related to reparsecharclass in parser/regexp/re-parser.c...
SQL Injection Discovery Tool: SleuthQL
SleuthQL is a python3 script to identify parameters and values that contain SQL-like syntax. Once identified, SleuthQL will then insert SQLMap identifiers into each parameter where the SQL-esque variables were identified. SleuthQL aims to augment an assessor’s ability to discover SQL injection...
Regular Expression Denial Of Service (ReDoS)
diff is vulnerable to regular expression denial of service ReDoS attacks. The vulnerability exists due to the usage of improper regular expression that would cause a ReDoS attack when parsing malicious strings...
HPE iMC 7.3 - Remote Code Execution (Metasploit)
HPE iMC 7.3 - Remote Code Execution Metasploit Exploit Title: HPE iMC EL Injection Unauthenticated RCE Date: 6 February, 2018 Exploit Author: TrendyTofu Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link:...
HPE iMC 7.3 Remote Code Execution
Exploit Title: HPE iMC EL Injection Unauthenticated RCE Date: 6 February, 2018 Exploit Author: TrendyTofu Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link: http://h10145.www1.hpe.com/Downloads/SoftwareReleases.aspx?ProductNumber=JG747AAE&lang=en&cc=us&prodSeriesId=4176535 Versio...