17 matches found
Incorrect Regular Expression
Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Incorrect Regular Expression in the route URL requirements when a requirement is set as an alternation such as locale: 'ar|bg|...|vi|...|zhCN'...
Incorrect Regular Expression
Overview fastify is an overhead web framework, for Node.js. Affected versions of this package are vulnerable to Incorrect Regular Expression in the Content-Type header validation. An attacker can cause the server to incorrectly process requests with malformed Content-Type headers by sending value...
Incorrect Regular Expression
Overview org.webjars.npm:fast-xml-parser is a Validate XML, Parse XML, Build XML without C/C++ based libraries Affected versions of this package are vulnerable to Incorrect Regular Expression in the entity parsing RegEx in DOCTYPE declarations. An attacker can inject arbitrary values that overrid...
Incorrect Regular Expression
Overview fast-xml-parser is a Validate XML, Parse XML, Build XML without C/C++ based libraries Affected versions of this package are vulnerable to Incorrect Regular Expression in the entity parsing RegEx in DOCTYPE declarations. An attacker can inject arbitrary values that override built-in XML...
Incorrect Regular Expression
Overview litestar is a Litestar - A production-ready, highly performant, extensible ASGI API Framework Affected versions of this package are vulnerable to Incorrect Regular Expression via the allowedhosts host validation. An attacker can gain unauthorized access by supplying a specially crafted...
EUVD-2014-9079
Malware in sbrugna...
EUVD-2017-8990
Malware in sbrugna...
CVE-2024-6641
The CVE describes a vulnerability in the WordPress plugin WP Hardening – Fix Your WordPress Security, affecting all versions up to 1.2.6. Root cause: an incorrect regular expression in the Stop User Enumeration feature, enabling unauthenticated attackers to bypass security checks and reveal site ...
CVE-2024-2223
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux...
CVE-2017-5677
PEAR HTMLAJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression...
Design/Logic Flaw
PEAR HTMLAJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression...
CVE-2017-5677
PEAR HTMLAJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression...
CVE-2015-1042
The stringsanitizeurl function in core/stringapi.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a ":/" colon slash separator in the return parameter to loginpage.php, a differe...
Open redirect
The stringsanitizeurl function in core/stringapi.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a ":/" colon slash separator in the return parameter to loginpage.php, a differe...
CVE-2015-1042
The stringsanitizeurl function in core/stringapi.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a ":/" colon slash separator in the return parameter to loginpage.php, a differe...
Authentication flaw
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service incorrect block of IP addresses via crafted login names...
Design/Logic Flaw
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service infinite loop via a crafted Content-Disposion header...