9265 matches found

RedhatCVE
added 2017/06/30 11:52 a.m., 39 views

CVE-2017-9229

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head during regular expression compilation. Invalid handling of reg->dmax in forward_search_range could result in an invalid pointer...

7.5 CVSS, 2.8 AI score, 0.05129 EPSS
Exploits 1, References 1

RedhatCVE
added 2017/06/30 11:22 a.m., 40 views

CVE-2017-9225

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in...

9.8 CVSS, 9.1 AI score, 0.0308 EPSS
Exploits 1, References 1

RedhatCVE
added 2017/06/30 11:21 a.m., 40 views

CVE-2017-9226

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token and...

9.8 CVSS, 1.6 AI score, 0.07511 EPSS
Exploits 1, References 1

Hacker One
added 2017/06/25 4:24 p.m., 20 views

arxius: Open redirects protection bypass

Hello, The regular expression that you are using to validate the redirect GET parameter for the /signup and /login endpoints is not complete, which allows an attacker to bypass your open redirects protection in order to redirect victims to malicious pages. The following are two PoCs, one for each...

6.7 AI score
Exploits 0

Fedora
added 2017/06/18 2:23 a.m., 32 views

[SECURITY] Fedora 25 Update: yara-3.6.0-1.fc25

YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strin...

7.5 CVSS, 1.3 AI score, 0.02484 EPSS
Exploits 3

myhack58
added 2017/06/17 12:0 a.m., 1073 views

Auto-binding vulnerabilities and Spring MVC-vulnerability warning-the black bar safety net

Today we introduce a not very well-known vulnerability: the auto-binding vulnerability, also referred to as mass assignment. Automatic binding is implemented in many frameworks; it allows the framework to automatically convert HTTP request parameters and bind them to an object and to...

7.9 AI score
Exploits 0

Prion
added 2017/06/16 3:29 p.m., 11 views

Out-of-bounds

In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression...

7.5 CVSS, 6.9 AI score, 0.01232 EPSS
Exploits 0, References 1, Affected Software 1

NVD
added 2017/06/16 3:29 p.m., 23 views

CVE-2017-9729

In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression...

7.5 CVSS, 7.4 AI score, 0.01079 EPSS
Exploits 0, References 1

NVD
added 2017/06/16 3:29 p.m., 16 views

CVE-2017-9728

In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression...

9.8 CVSS, 9.3 AI score, 0.01232 EPSS
Exploits 0, References 1

OSV
added 2017/06/16 3:29 p.m., 7 views

CVE-2017-9728

In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression...

9.8 CVSS, 6.7 AI score
Exploits 0, References 1

OSV
added 2017/06/16 3:29 p.m., 5 views

CVE-2017-9729

In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression...

7.5 CVSS, 6.7 AI score
Exploits 0, References 1

OSV
added 2017/06/16 3:29 p.m., 2 views

DEBIAN-CVE-2017-9729

In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression...

7.5 CVSS, 6.8 AI score, 0.01079 EPSS
Exploits 0, References 1

CVE
added 2017/06/16 3:0 p.m., 58 views

CVE-2017-9728

CVE-2017-9728 affects uClibc 0.9.33.2, with an out-of-bounds read in the get_subexp function of misc/regex/regexec.c when processing a crafted regular expression. The connected sources consistently describe this exact issue; no remediation or patch details are provided in the supplied documents. ...

9.8 CVSS, 9.2 AI score, 0.01232 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2017/06/16 3:0 p.m., 20 views

CVE-2017-9728

In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression...

9.3 AI score, 0.01232 EPSS
Exploits 0, References 1

Cvelist
added 2017/06/16 3:0 p.m., 22 views

CVE-2017-9729

In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression...

7.4 AI score, 0.01079 EPSS
Exploits 0, References 1

Debian CVE
added 2017/06/16 3:0 p.m., 14 views

CVE-2017-9728

In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression...

9.8 CVSS, 9.4 AI score, 0.01232 EPSS
Exploits 0

Debian CVE
added 2017/06/16 3:0 p.m., 21 views

CVE-2017-9729

In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression...

7.5 CVSS, 7.5 AI score, 0.01079 EPSS
Exploits 0

Fedora
added 2017/06/15 3:6 a.m., 26 views

[SECURITY] Fedora 26 Update: yara-3.6.0-1.fc26

YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strin...

7.5 CVSS, 1.3 AI score, 0.02484 EPSS
Exploits 3

myhack58
added 2017/06/12 12:0 a.m., 167 views

CVE-2017-4971: Spring WebFlow remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

Spring has traditionally not had many severe vulnerabilities. The more serious earlier problem was in Spring's JavaBean automatic binding function, with the result that class could be controlled, which could lead to the execution of arbitrary code by using certain characteristics, but that...

0.1 AI score, 0.15858 EPSS
Exploits 1

Hacker One
added 2017/06/08 6:55 a.m., 121 views

Internet Bug Bounty: PHP mbstring / Oniguruma multiple remote heap/stack corruptions

Oniguruma 1 by K. Kosako is a BSD licensed regular expression library that supports a variety of character encodings. The Ruby programming language, in version 1.9, as well as PHP's multi-byte string module since PHP5, use Oniguruma as their regular expression engine. It is also used in products...

7.5 CVSS, 9.2 AI score, 0.07511 EPSS
Exploits 5