
9265 matches found

Hacker One
added 2016/09/04 6:22 p.m. · 17 views

Mindoktor: Vulnerable Mobile Phone configuration

Information: I've found that when you register in "https://clinic.mindoktor.se/user/register", there is a specific field that says: "Mobile Phone - is needed to receive one-time codes via SMS". According to the description: You need your mobile phone every time you log in, so for every login an sm...

AI score 6.6
Exploits 0

Tenable Nessus
added 2016/08/12 12:0 a.m. · 49 views

FreeBSD : FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3) (70140f20-6007-11e6-a6c3-14dae9d210b8)

A specifically crafted Composite Document File (CDF) file can trigger an out-of-bounds read or an invalid pointer dereference. [CVE-2012-1571] A flaw in regular expression in the awk script detector makes use of multiple wildcards with unlimited repetitions. [CVE-2013-7345] A malicious input file could...

CVSS 6.5 · AI score 7.2 · EPSS 0.04933
Exploits 3 · References 5

RedHat Linux
added 2016/08/11 5:17 p.m. · 28 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise security update

An update is now available for Red Hat OpenShift Enterprise 3.1 and Red Hat OpenShift Enterprise 3.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

AI score 6.6
Exploits 0 · References 3

RedHat Linux
added 2016/08/09 10:4 a.m. · 3 views

nodejs-minimatch: Regular expression denial-of-service

A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU...

AI score 5.8
Exploits 0 · References 5

RedHat Linux
added 2016/08/09 10:4 a.m. · 24 views

Moderate: Red Hat Security Advisory: nodejs010-nodejs-minimatch security update

An update for nodejs010-nodejs-minimatch is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

AI score 6.5
Exploits 0 · References 2

RedHat Linux
added 2016/08/09 10:2 a.m. · 26 views

Moderate: Red Hat Security Advisory: rh-nodejs4-nodejs-minimatch security update

An update for rh-nodejs4-nodejs-minimatch is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

AI score 6.5
Exploits 0 · References 2

Node.js
added 2016/07/22 7:43 p.m. · 75 views

ReDoS via long string of semicolons

Overview: Affected versions of tough-cookie may be vulnerable to regular expression denial of service when long strings of semicolons exist in the Set-Cookie header. Recommendation: Update to version 2.3.0 or later. References: GitHub Advisory...

CVSS 5 · AI score 5.1 · EPSS 0.02356
Exploits 0 · Affected Software 1

BDU FSTEC
added 2016/07/19 12:0 a.m. · 3 views

The vulnerability of the Apache Struts software platform, which allows a hacker to execute arbitrary code

The vulnerability of the REST plugin for the Apache Struts software platform exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created expression...

CVSS 7.5 · AI score 8.2 · EPSS 0.17171
Exploits 2 · References 5 · Affected Software 1

Positive Technologies
added 2016/07/15 12:0 a.m. · 6 views

PT-2018-17919 · Node.Js +2

Name of the Vulnerable Software and Affected Versions: Node.js versions 4.x. Description: The issue concerns a potential regular expression denial of service (ReDoS) vector in the 'path' module. This module is used for various path parsing functions, including path.dirname, path.extname, and...

CVSS 9.8 · AI score 7.7 · EPSS 0.95707
Exploits 50 · References 525

CNVD
added 2016/07/14 12:0 a.m. · 2 views

Spring Boot Framework SPEL Expression Injection Vulnerability

Spring is a lightweight Java development framework. Spring Boot is a core subproject of Spring, which is designed to simplify the initial setup of new Spring applications and the development process. Spring Boot Framework SPEL Expression Injection Vulnerability. As the user adopts Spring Boot ...

AI score 8.4
Exploits 0 · References 1

RedhatCVE
added 2016/07/13 8:24 a.m. · 31 views

CVE-2016-1000022

A regular expression denial of service flaw was found in Negotiator. An attacker able to make an application using Negotiator to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU...

AI score 3.5
Exploits 0 · References 2

seebug.org
added 2016/07/13 12:0 a.m. · 26 views

Spring Boot framework expression injection vulnerability

No description provided by source...

AI score 7.1
Exploits 0

Zero Day Initiative
added 2016/07/12 12:0 a.m. · 30 views

Adobe Reader DC if XSLT Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 6.8 · AI score 2.5 · EPSS 0.04547
Exploits 0 · References 1

Zero Day Initiative
added 2016/07/12 12:0 a.m. · 26 views

Adobe Reader DC apply-templates XSLT Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 6.8 · AI score 2.5 · EPSS 0.04547
Exploits 0 · References 1

Zero Day Initiative
added 2016/07/12 12:0 a.m. · 21 views

Adobe Reader DC copy-of XSLT Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 6.8 · AI score 2.5 · EPSS 0.04547
Exploits 0 · References 1

NVD
added 2016/07/04 10:59 p.m. · 21 views

CVE-2016-4438

The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression...

CVSS 9.8 · AI score 9.6 · EPSS 0.17171
Exploits 2 · References 6

UbuntuCve
added 2016/07/04 10:59 p.m. · 33 views

CVE-2016-4438

The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression...

CVSS 9.8 · AI score 7.5 · EPSS 0.17171
Exploits 2 · References 2

Tenable Nessus
added 2016/06/24 12:0 a.m. · 360 views

Apache Struts 2 REST Plugin OGNL Expression Handling RCE

The remote web application appears to use Apache Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. A remote code execution vulnerability exists in the REST plugin due to improper handling of OGNL expressions. An unauthenticated, remote attack...

CVSS 9.8 · AI score 9.3 · EPSS 0.17171
Exploits 2 · References 3

OpenVAS
added 2016/06/08 12:0 a.m. · 19 views

OpenAFS Multiple Vulnerabilities - 01 - Windows

OpenAFS is prone to multiple vulnerabilities.

CVSS 6.8 · AI score 6.4 · EPSS 0.02081
Exploits 0 · References 3

Tenable Nessus
added 2016/06/07 12:0 a.m. · 42 views

Ubuntu 14.04 LTS / 16.04 LTS : Oxide vulnerabilities (USN-2992-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2992-1 advisory. An unspecified security issue was discovered in Blink. If a user were tricked into opening a specially crafted website, an attacker could...

CVSS 8.8 · AI score 7.6 · EPSS 0.03094
Exploits 3 · References 19