9269 matches found

0day.today
added 2018/05/18 12:0 a.m., 134 views

HPE iMC 7.3 - Remote Code Execution Exploit

Exploit for Windows platform in category remote exploits; Exploit Title: HPE iMC EL Injection Unauthenticated RCE; Date: 6 February, 2018; Exploit Author: TrendyTofu; Vendor Homepage: https://www.hpe.com/us/en/home.html; Software Link:...

CVSS 9, AI score 8.1, EPSS 0.15294
Exploits 6

Exploit DB
added 2018/05/18 12:0 a.m., 72 views

HPE iMC 7.3 - Remote Code Execution (Metasploit)

Exploit Title: HPE iMC EL Injection Unauthenticated RCE; Date: 6 February, 2018; Exploit Author: TrendyTofu; Vendor Homepage: https://www.hpe.com/us/en/home.html; Software Link: http://h10145.www1.hpe.com/Downloads/SoftwareReleases.aspx?ProductNumber=JG747AAE&lang=en&cc=us&prodSeriesId=4176535; Versio...

CVSS 9, AI score 8.1, EPSS 0.15294
Exploits 6

Prion
added 2018/05/17 2:29 p.m., 17 views

Code injection

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

CVSS 5, AI score 7.4, EPSS 0.03381
Exploits 0, References 1, Affected Software 1

OSV
added 2018/05/17 2:29 p.m., 30 views

CVE-2018-7158

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

CVSS 7.5, AI score 7.2
Exploits 0, References 1

OSV
added 2018/05/17 2:29 p.m., 4 views

ALPINE-CVE-2018-7158

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

CVSS 7.5, AI score 8.8, EPSS 0.03381
Exploits 0, References 1

OSV
added 2018/05/17 2:29 p.m., 2 views

DEBIAN-CVE-2018-7158

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

CVSS 7.5, AI score 9, EPSS 0.03381
Exploits 0, References 1

Cvelist
added 2018/05/17 2:0 p.m., 30 views

CVE-2018-7158

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

AI score 7.9, EPSS 0.03381
Exploits 0, References 1

AlpineLinux
added 2018/05/17 2:0 p.m., 43 views

CVE-2018-7158

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

CVSS 7.5, AI score 7.5, EPSS 0.03381
Exploits 0

Node.js
added 2018/05/16 4:27 p.m., 504 views

Denial of Service

Overview: All versions of foreman are vulnerable to Regular Expression Denial of Service when requests to it are made with a specially crafted path. Recommendation: Upgrade to version 3.0.1. References: - HackerOne Report - https://github.com/strongloop/node-foreman/blob/v2.0.0/forward.js#L30 - GitHu...

AI score 6.8
Exploits 0, Affected Software 1

OSV
added 2018/05/16 8:24 a.m., 10 views

MGASA-2018-0241 Updated perl packages fix security vulnerabilities

Brian Carpenter reported that a crafted regular expression could cause a heap buffer write overflow, with control over the bytes written (CVE-2018-6797). Nguyen Duc Manh reported that matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially...

CVSS 9.8, AI score 7.3, EPSS 0.10866
Exploits 0, References 3

Check Point Advisories
added 2018/05/13 12:0 a.m., 5 views

HPE Intelligent Management Center WmiConfigContent Expression Language Injection (CVE-2017-12526)

An Expression Language injection vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to insufficient handling of request parameter on wmiConfigContent.xhtml...

CVSS 9, AI score 2.1, EPSS 0.05836
Exploits 0

Veracode
added 2018/05/10 3:50 p.m., 8 views

Regular Expression Denial Of Service (ReDoS)

marked is vulnerable to regular expression denial of service (ReDoS) attacks. A malicious user can pass a string that when parsed can cause a ReDoS...

AI score 6.5
Exploits 0

Veracode
added 2018/05/10 7:2 a.m., 25 views

Regular Expression Denial Of Service (ReDoS)

spring-messaging is vulnerable to regular expression denial of service (ReDoS) attacks. A malicious user can pass a message to an in-memory STOMP broker that can cause a ReDoS...

CVSS 6.5, AI score 7.5, EPSS 0.03279
Exploits 0, References 12, Affected Software 1

Tenable Nessus
added 2018/05/10 12:0 a.m., 44 views

openSUSE Security Update : apache2 (openSUSE-2018-438)

This update for apache2 fixes the following issues: - CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a 'Session' header leading to unexpected behavior (bsc#1086814). -...

CVSS 9.8, AI score 6.5, EPSS 0.86006
Exploits 0, References 13

Veracode
added 2018/05/09 8:3 a.m., 29 views

Denial Of Service (DoS)

node is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability exists in the path module of Node.js 4.x releases that contains a bad regex defined in splitPathRe that causes ReDoS attacks when parsing malicious paths...

CVSS 7.5, AI score 7.4, EPSS 0.03381
Exploits 0, References 3, Affected Software 2

Source Incite
added 2018/05/09 12:0 a.m., 31 views

SRC-2019-0042 : Hewlett Packard Enterprise Intelligent Management Center ForwardRedirect Expression Language Injection Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...

CVSS 9, AI score 9, EPSS 0.0364
Exploits 1

RedHat Linux
added 2018/05/03 5:6 a.m., 3 views

oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer...

CVSS 9.8, AI score 7.2, EPSS 0.06265
Exploits 1, References 4

Veracode
added 2018/05/02 5:0 a.m., 9 views

Regular Expression Denial Of Service (ReDoS)

plist is vulnerable to regular expression denial of service (DoS) attacks. The vulnerability exists as a vulnerable regular expression string is used, causing a DoS attack when parsing a malicious string...

AI score 6.5
Exploits 0

Veracode
added 2018/04/30 6:55 a.m., 10 views

Regular Expression Denial Of Service (ReDoS)

rgb2hex is vulnerable to regular expression denial of service (ReDoS) attacks. A malicious user can pass a malicious color string in hexadecimal number that when parsed can cause a ReDoS...

AI score 6.5
Exploits 0

Veracode
added 2018/04/30 5:7 a.m., 10 views

Regular Expression Denial Of Service (ReDoS)

foreman is vulnerable to regular expression denial of service (ReDoS). The vulnerability is possible because regular expressions used for URL path are not filtering the evil string input by the attacker...

AI score 6.6
Exploits 0