PT-2016-2959 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 23.0.0.207 and earlier Adobe Flash Player versions 11.2.202.644 and earlier Description: The issue is caused by a buffer boundary error in the RegExp class of the Flash Player platform, related to the backtrack...

PT-2016-2961 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 23.0.0.207 and earlier Adobe Flash Player versions 11.2.202.644 and earlier Description: The issue is caused by a buffer boundary violation in the RegExp class of the Flash Player platform. It may allow a remote...

PT-2016-2958 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 23.0.0.207 and earlier Adobe Flash Player versions 11.2.202.644 and earlier Description: The issue is caused by a buffer boundary violation in the RegExp class for specific search strategies in the Flash Player...

CVE-2016-9857

An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

CVE-2016-9857

An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

Expression Engine 3.4.2: Code Reuse Attack

RIPS Analysis The analysis with RIPS took about 4 minutes. Overall, the code of Expression Engine seems to be very robust. Still our analysis results point out some vulnerabilities. RIPS detected mainly possibilities for a malicious user to embed HTML and JavaScript code via the administration...

SUSE-SU-2016:2971-1 Security update for pcre

This update for pcre to version 8.39 bsc972127 fixes several issues. If you use pcre extensively please be aware that this is an update to a new version. Please make sure that your software works with the updated version. This version fixes a number of vulnerabilities that affect pcre and...

Updated tre packages fix security vulnerability

The TRE library allows context-dependent attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted regular expression CVE-2015-3796. A vulnerability has been found in the tre package that could allow an attacker to perform controlled he...

CVE-2016-1249

The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service out-of-bounds read via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression...

pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)

PCRE before 8.38 mishandles the /?=di?=?1|?=./ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...

CVE-2016-7239

The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting XSS attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."...

VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read Exploit

Exploit for windows platform in category dos / poc !-- Source: http://blog.skylined.nl/20161108001.html Synopsis A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to run such a script in any...

VBScript RegExpComp::PnodeParse Out-Of-Bounds Read

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the sixth entry in that series. The below information is available in more detail on my blog at http://blog.skylined.nl/20161108001.html. There you can find a repro th...

VBScript 5.8.7600.163855.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read

VBScript 5.8.7600.163855.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read !-- Source: http://blog.skylined.nl/20161108001.html Synopsis A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to...

nodejs-tough-cookie: regular expression DoS via Cookie header with many semicolons

A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse an HTTP header with many semicolons could cause the application to consume an excessive amount of CPU...

HackerOne: Limited Open redirection using SSO-SAML

Hello, Endpoint: https://hackerone.com/users//saml/[email protected]&rememberme=true Recently, you have patched an open redirection issue which was reported as 171398. I found a bypass of that patch. Steps to reproduce: 1. Add following in comment/report :...

Limny 2.2 Expression Language Injection

======================================================================== | Title : limny 2.2 Expression language injection vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 8.1 FranASSais V.Pro | Version : 2.2 | Vendor : http://www.limny.org/ | Dork : n/a...

CentOS Update for tomcat CESA-2016:2046 centos7

Check the version of tomcat SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882575";...

Tomcat/JbossWeb: security manager bypass via EL expressions

It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections...

Apache Mina 2.0.13 - Remote Command Execution

Apache Mina 2.0.13 - Remote Command Execution. Webapps exploit for Java platform Apache Mina 2.0.13 - Remote Command Execution Abstract Apache Mina 2.0.13 uses the OGNL library in the “IoSessionFinder” class. Its constructor takes into parameter one OGNL expression. Then this expression is execut...