38 matches found
Regexploit - Find Regular Expressions Which Are Vulnerable To ReDoS (Regular Expression Denial Of Service)
Find regexes which are vulnerable to Regular Expression Denial of Service ReDoS. More info onthe Doyensec blog Many default regular expression parsers have unbounded worst-case complexity. Regex matching may be quick when presented with a matching input string. However, certain non-matching input...
Regular Expression Denial Of Service (ReDoS)
browserslist is vulnerable to regular expression denial of service. Usage of an insecure regex allows an attacker to cause a denial of service condition via a malicious string...
CVE-2020-1898
The fbunserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58....
Regular Expression Denial-of-Service (ReDoS)
activerecord is vulnerable to regular expression denial of service. The insecure regex used to validated the money type of the PostgreSQL adapter results in long periods of processing and allows an attacker to potentially crash the application via a malicious string...
PT-2021-17146 · Markdown2 +1 · Markdown2 +1
Name of the Vulnerable Software and Affected Versions: markdown2 versions 1.0.1.18 through 2.3.x Description: The issue allows an attacker to cause a denial of service by providing a malicious string, making markdown2 processing difficult or delayed for an extended period. This occurs due to a...
Regular Expression Denial Of Service (ReDoS)
nwmatcher is vulnerable to regular expression denial of service. The use of multiple repeated instances of the "\s" in regular expressionPatterns allows an attacker to crash the application via a malicious string...
Regular Expression Denial Of Service (ReDoS)
marked is vulnerable to regular expression denial of service. The usage of an insecure regex allows an attacker to crash the application via malicious string...
Regular Expression Denial Of Service (ReDoS)
semver-regex is vulnerable to regular expression denial of service. An attacker is able to crash the application by submitting a malicious string as a version number...
Denial Of Service (DoS)
samba is vulnerable to denial of service. The application does not verify device name and mountpoint strings, allowing local users to crash the application via a malicious string...
Unspecified Vulnerability in Apple macOS Catalina CUPS Component
Apple macOS Catalina is a set of Apple's proprietary operating systems developed specifically for Mac computers.CUPS is one of the open source printing system components for OS X and Unix-like systems. A security vulnerability exists in the CUPS component in Apple macOS Catalina versions prior to...
GHSA-HXCM-V35H-MG2X Prototype Pollution in querystringify
A vulnerability was found in querystringify before 2.0.0. It's possible to override built-in properties of the resulting query string object if a malicious string is inserted in the query string...
MGASA-2017-0371 Updated ruby packages fix security vulnerabilities
If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby interpreter may crash CVE-2017-0898. If a malicious string is passed to th...
PHPNuke 6.0/6.5 Forum Module Viewtopic.php SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7193/info It has been reported that an input validation error exists in the 'viewtopic.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a malicious string through...
Logwatch 2.6 Secure Script Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13273/info Logwatch is prone to a denial of vulnerability in the secure script. This issue may be exploited by a local attacker who can inject a malicious string into a log file, causing a denial of service condition. As ...
Localize: XSS in main page
If a project name is saved with a XSS string such as: “!-- and a translator visits it, it'll result in the xss executing in the main page, due to the fact that it shows your recent visits. Screen: http://prntscr.com/3awwuv...
Logwatch 2.6 Secure Script - Denial of Service
Logwatch 2.6 Secure Script - Denial of Service source: https://www.securityfocus.com/bid/13273/info Logwatch is prone to a denial of vulnerability in the secure script. This issue may be exploited by a local attacker who can inject a malicious string into a log file, causing a denial of service...
CVE-1999-0437
CVE-1999-0437 affects WebRamp systems. Remote attackers can trigger a denial-of-service by sending a malicious string to the HTTP port. The CVSSv2 base score is 5.0 (Medium) with network access, low attack complexity, and partial impact on availability. Public details across connected records con...
PT-1999-1120 · Alcatel · Webramp
Name of the Vulnerable Software and Affected Versions: WebRamp affected versions not specified Description: Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the "HTTP port". Recommendations: At the moment, there is no information about a newer...