9267 matches found

Zero Day Initiative
added 2017/08/11 12:0 a.m. | 31 views

Hewlett Packard Enterprise Intelligent Management Center compareFilesResult Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS 9 | AI score 3.2 | EPSS 0.05836
Exploits: 0 | References: 1

Zero Day Initiative
added 2017/08/11 12:0 a.m. | 25 views

Hewlett Packard Enterprise Intelligent Management Center smsRulesDownload Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS 9 | AI score 3.7 | EPSS 0.05836
Exploits: 0 | References: 1

Zero Day Initiative
added 2017/08/11 12:0 a.m. | 26 views

Hewlett Packard Enterprise Intelligent Management Center quickTemplateSelect Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS 9 | AI score 3.2 | EPSS 0.05836
Exploits: 0 | References: 1

CNVD
added 2017/08/11 12:0 a.m. | 2 views

IdentityServer3 authorize response page cross-site scripting vulnerability

IdentityServer3 is a .NET-based access control plug-in for Web applications. A cross-site scripting vulnerability in the Angular expression of the IdentityServer3 authorize response page allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be use...

CVSS 6.1 | AI score 6.2 | EPSS 0.01042
Exploits: 0 | References: 1

Zero Day Initiative
added 2017/08/11 12:0 a.m. | 22 views

Hewlett Packard Enterprise Intelligent Management Center faultEventSelectFactWithRecover Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS 9 | AI score 2.8 | EPSS 0.05836
Exploits: 0 | References: 1

OSV
added 2017/08/08 1:34 a.m. | 22 views

CVE-2017-12677

IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response...

CVSS 6.1 | AI score 5.8 | EPSS 0.01042
Exploits: 0 | References: 1

CNVD
added 2017/07/29 12:0 a.m. | 2 views

Expression Injection Vulnerability in Kingdee GSiS Government Service Platform

GSiS government service platform is an integrated product developed by Kingdee to integrate government affairs disclosure, government services and e-surveillance on a unified e-government platform. Expression injection vulnerability exists in Kingdee GSiS government service platform. It allows...

AI score 7.9
Exploits: 0

Veracode
added 2017/07/27 2:22 a.m. | 20 views

Regular Expression Denial Of Service (ReDoS)

Moodle is vulnerable to Regular Expression Denial Of Service (ReDoS) attacks. The attacks can be triggered because of the use of a non-optimal regular expression in the URLs filter in filter/urltolink/filter.php, causing high CPU consumption during URL conversion...

CVSS 6.8 | AI score 5.9 | EPSS 0.0224
Exploits: 0 | References: 4 | Affected Software: 1

Fedora
added 2017/07/25 12:29 a.m. | 24 views

[SECURITY] Fedora 25 Update: yara-3.6.3-1.fc25

YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strin...

CVSS 5.5 | AI score 1.3 | EPSS 0.0068
Exploits: 0

Openbugbounty
added 2017/07/18 8:5 p.m. | 10 views

offsetexpressionprinting.com XSS vulnerability

Vulnerable URL: http://offsetexpressionprinting.com/tagproducts.php?idtag=4%22%3E%3Csvg%2Fonload%3Dprompt%2FOPENBUGBOUNTY%2F%3E
Details:
Patched: Yes, at 27.11.2017
Latest check for patch: 27.11.2017 16:36 GMT
Vulnerability type: XSS
Vulnerability status: Publicly...

AI score 6.3
Exploits: 0

Prion
added 2017/07/18 6:29 p.m. | 17 views

Code injection

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces. This expression will be evaluated by any other authenticated user who views the...

CVSS 4 | AI score 4.6 | EPSS 0.00599
Exploits: 0 | References: 2

Cvelist
added 2017/07/18 6:0 p.m. | 21 views

CVE-2017-5246

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces. This expression will be evaluated by any other authenticated user who views the...

AI score 4.6 | EPSS 0.00599
Exploits: 0 | References: 2

CVE
added 2017/07/18 6:0 p.m. | 46 views

CVE-2017-5246

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can supply a valid AngularJS expression ({{ … }}) which will be evaluated by other authenticated users viewing the attacker’s display name. Affected versions are 5.0.0000 t...

CVSS 4.3 | AI score 4.5 | EPSS 0.00599
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2017/07/17 12:0 a.m. | 18 views

rack-cors CORS request vulnerability

rack-cors is a middleware for cross-origin resource sharing. A security vulnerability exists in the regular expression created in versions of rack-cors prior to 0.4.1. An attacker can exploit this vulnerability to execute cross-origin resource sharing requests...

CVSS 8.8 | AI score 8.6 | EPSS 0.02345
Exploits: 0 | References: 1

RedhatCVE
added 2017/07/12 12:19 p.m. | 36 views

CVE-2017-11164

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression...

CVSS 7.8 | AI score 7.3 | EPSS 0.03102
Exploits: 0 | References: 1

Prion
added 2017/07/11 3:29 a.m. | 18 views

Code injection

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression...

CVSS 7.8 | AI score 7.3 | EPSS 0.03102
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2017/07/11 3:29 a.m. | 26 views

CVE-2017-11164

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression...

CVSS 7.5 | AI score 6.5
Exploits: 0 | References: 5

Cvelist
added 2017/07/11 12:0 a.m. | 37 views

CVE-2017-11164

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression...

AI score 7.3 | EPSS 0.03102
Exploits: 0 | References: 5

Debian CVE
added 2017/07/11 12:0 a.m. | 26 views

CVE-2017-11164

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression...

CVSS 7.8 | AI score 7.5 | EPSS 0.03102
Exploits: 0

AlpineLinux
added 2017/07/11 12:0 a.m. | 22 views

CVE-2017-11164

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression...

CVSS 7.8 | AI score 7.5 | EPSS 0.03102
Exploits: 0