Lucene search
K

38 matches found

Kitploit
Kitploit
added 2021/07/20 12:30 p.m.504 views

Regexploit - Find Regular Expressions Which Are Vulnerable To ReDoS (Regular Expression Denial Of Service)

Find regexes which are vulnerable to Regular Expression Denial of Service ReDoS. More info onthe Doyensec blog Many default regular expression parsers have unbounded worst-case complexity. Regex matching may be quick when presented with a matching input string. However, certain non-matching input...

7.5CVSS7.7AI score0.06617EPSS
Exploits9References19
Veracode
Veracode
added 2021/04/23 1:46 a.m.32 views

Regular Expression Denial Of Service (ReDoS)

browserslist is vulnerable to regular expression denial of service. Usage of an insecure regex allows an attacker to cause a denial of service condition via a malicious string...

5.3CVSS5.4AI score0.02429EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2021/03/11 1:15 a.m.18 views

CVE-2020-1898

The fbunserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58....

7.5CVSS6.8AI score
Exploits0References2
Veracode
Veracode
added 2021/03/03 4:48 a.m.29 views

Regular Expression Denial-of-Service (ReDoS)

activerecord is vulnerable to regular expression denial of service. The insecure regex used to validated the money type of the PostgreSQL adapter results in long periods of processing and allows an attacker to potentially crash the application via a malicious string...

7.5CVSS5.1AI score0.04434EPSS
Exploits1References9Affected Software1
Positive Technologies
Positive Technologies
added 2021/03/03 12:0 a.m.5 views

PT-2021-17146 · Markdown2 +1 · Markdown2 +1

Name of the Vulnerable Software and Affected Versions: markdown2 versions 1.0.1.18 through 2.3.x Description: The issue allows an attacker to cause a denial of service by providing a malicious string, making markdown2 processing difficult or delayed for an extended period. This occurs due to a...

8.7CVSS6.7AI score0.02384EPSS
Exploits1References32
Veracode
Veracode
added 2021/02/26 7:29 a.m.11 views

Regular Expression Denial Of Service (ReDoS)

nwmatcher is vulnerable to regular expression denial of service. The use of multiple repeated instances of the "\s" in regular expressionPatterns allows an attacker to crash the application via a malicious string...

4AI score
Exploits0
Veracode
Veracode
added 2021/02/09 6:6 a.m.15 views

Regular Expression Denial Of Service (ReDoS)

marked is vulnerable to regular expression denial of service. The usage of an insecure regex allows an attacker to crash the application via malicious string...

7.5CVSS4AI score0.02462EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2021/01/08 3:51 a.m.13 views

Regular Expression Denial Of Service (ReDoS)

semver-regex is vulnerable to regular expression denial of service. An attacker is able to crash the application by submitting a malicious string as a version number...

4.8AI score
Exploits0
Veracode
Veracode
added 2020/04/10 12:51 a.m.31 views

Denial Of Service (DoS)

samba is vulnerable to denial of service. The application does not verify device name and mountpoint strings, allowing local users to crash the application via a malicious string...

2.1CVSS4.6AI score0.00488EPSS
Exploits1References10Affected Software2
CNVD
CNVD
added 2019/11/05 12:0 a.m.1 views

Unspecified Vulnerability in Apple macOS Catalina CUPS Component

Apple macOS Catalina is a set of Apple's proprietary operating systems developed specifically for Mac computers.CUPS is one of the open source printing system components for OS X and Unix-like systems. A security vulnerability exists in the CUPS component in Apple macOS Catalina versions prior to...

9.8CVSS7.4AI score0.01054EPSS
Exploits0References1
OSV
OSV
added 2019/06/07 9:12 p.m.18 views

GHSA-HXCM-V35H-MG2X Prototype Pollution in querystringify

A vulnerability was found in querystringify before 2.0.0. It's possible to override built-in properties of the resulting query string object if a malicious string is inserted in the query string...

7AI score
Exploits0References2
OSV
OSV
added 2017/10/18 8:19 p.m.7 views

MGASA-2017-0371 Updated ruby packages fix security vulnerabilities

If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or the Ruby interpreter may crash CVE-2017-0898. If a malicious string is passed to th...

9.8CVSS8.8AI score0.16412EPSS
Exploits2References9
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

PHPNuke 6.0/6.5 Forum Module Viewtopic.php SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7193/info It has been reported that an input validation error exists in the 'viewtopic.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a malicious string through...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Logwatch 2.6 Secure Script Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13273/info Logwatch is prone to a denial of vulnerability in the secure script. This issue may be exploited by a local attacker who can inject a malicious string into a log file, causing a denial of service condition. As ...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2014/04/17 6:56 p.m.21 views

Localize: XSS in main page

If a project name is saved with a XSS string such as: “!-- and a translator visits it, it'll result in the xss executing in the main page, due to the fact that it shows your recent visits. Screen: http://prntscr.com/3awwuv...

0.7AI score
Exploits0
exploitpack
exploitpack
added 2005/04/20 12:0 a.m.15 views

Logwatch 2.6 Secure Script - Denial of Service

Logwatch 2.6 Secure Script - Denial of Service source: https://www.securityfocus.com/bid/13273/info Logwatch is prone to a denial of vulnerability in the secure script. This issue may be exploited by a local attacker who can inject a malicious string into a log file, causing a denial of service...

7.3AI score
Exploits0
CVE
CVE
added 1999/09/29 4:0 a.m.51 views

CVE-1999-0437

CVE-1999-0437 affects WebRamp systems. Remote attackers can trigger a denial-of-service by sending a malicious string to the HTTP port. The CVSSv2 base score is 5.0 (Medium) with network access, low attack complexity, and partial impact on availability. Public details across connected records con...

5CVSS7AI score0.01823EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 1999/03/01 12:0 a.m.4 views

PT-1999-1120 · Alcatel · Webramp

Name of the Vulnerable Software and Affected Versions: WebRamp affected versions not specified Description: Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the "HTTP port". Recommendations: At the moment, there is no information about a newer...

5CVSS6.4AI score0.01823EPSS
Exploits0References2
Rows per page
Query Builder