Design/Logic Flaw
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing...
PYSEC-2020-188
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing...
PYSEC-2020-169
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing...
UBUNTU-CVE-2019-20396
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing...
CVE-2019-20396
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing...
CVE-2019-20396
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing...
PT-2020-1240 · Libyang · Libyang
Name of the Vulnerable Software and Affected Versions: libyang versions prior to v1.0-r1. Description: A segmentation fault is present in yyparse due to a malformed pattern statement value during lys_parse_path parsing. Recommendations: For versions prior to v1.0-r1, update to v1.0-r1 or later to...
Updated oniguruma packages fix security vulnerabilities
Updated oniguruma packages fix security vulnerabilities: A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a...
ASTPP 4.0.1 VoIP Billing - Database Backup Download Vulnerability
Exploit for linux platform in category web applications Exploit Title: ASTPP 4.0.1 VoIP Billing - Database Backup Download Exploit Author: Fabien AUNAY Vendor Homepage: https://www.astppbilling.org/ Software Link: https://github.com/iNextrix/ASTPP/tree/v4.0.1 Version: 4.0.1 vendor default setup...
ASTPP 4.0.1 VoIP Billing - Database Backup Download
Exploit Title: ASTPP 4.0.1 VoIP Billing - Database Backup Download Date: 2019-11-18 Exploit Author: Fabien AUNAY Vendor Homepage: https://www.astppbilling.org/ Software Link: https://github.com/iNextrix/ASTPP/tree/v4.0.1 Version: 4.0.1 vendor default setup script Tested on: Debian 9 - CentOS 7 CV...
CVE-2018-1304
The URL pattern of "" (the empty string), which exactly maps to the context root, was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...
OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
XSpear v1.3 - Powerfull XSS Scanning And Parameter Analysis Tool
XSpear is an XSS scanner on Ruby gems. Key features: pattern matching based XSS scanning; detect alert, confirm, prompt event on headless browser with Selenium; testing request/response for XSS protection bypass and reflected (or all) params: reflected params, all params (for blind XSS, anything); filtered test...
CVE-2018-1305
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that...
OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
Pattern Live PC client suffers from dll hijacking vulnerability
Fancy Live is Tencent's live Internet interactive entertainment platform. The PC version of Figure live has a DLL hijacking vulnerability; attackers can use the vulnerability to execute arbitrary code...
Cera Intranet Community Theme 1.0.1 SQL Injection
Exploit Title: cera-intranet-community-theme SQL Inj. Dork: N/A Date: 29-12-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://themeforest.net/item/cera-intranet-community-theme/24872621 Softwar...
EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2019-2675)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to...
Unspecified Vulnerability in Json Pattern Validator
Json Pattern Validator (JPV) is a JSON pattern validator. A security vulnerability exists in JPV versions prior to 2.1.1. Attackers can use the vulnerability to manipulate the results of type detection with the help of a specially crafted payload...
OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...