1507 matches found
Webmin 1.920 Remote Root
#!/usr/bin/perl -w Webmin 1.920 Remote Root Exploit Copyright 2019 (c) Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev is not liable for any damages caused by dire...
Regular Expression Denial Of Service (ReDoS)
useragent is vulnerable to regular expression denial of service (ReDoS). The attacker can edit the useragent header to include a long useragent string containing long numbers or letters exhausting the CPU via an event loop and eventually crashing the server...
CVE-2019-6979
An issue was discovered in the User IP History Logs (aka IPHistoryLogs) plugin 1.0.2 for MyBB. There is XSS via the admin/modules/tools/iphistorylogs.php useragent field...
Joomla AMGallery 1.2.3 Component - filter_category_id SQL Injection Exploit
Exploit for php platform in category web applications Exploit Title: Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://arenam.ru/ Software Link:...
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Exploit Title: Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-09-18 Vendor Homepage: http://arenam.ru/ Software Link: https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/amgallery/ Version: 1.2.3...
ReDoS via long UserAgent header in useragent
Affected versions of useragent are vulnerable to regular expression denial of service when an arbitrarily long User-Agent header is parsed. Proof of Concept: var useragent = require('useragent'); var badUserAgent = 'MSIE 0.0'+Array(900000).join('0')+'XBLWP'; var request = 'GET / HTTP/1.1\r\nUser-Agen...
GHSA-PJMX-9XR3-82QR ReDoS via long UserAgent header in useragent
Affected versions of useragent are vulnerable to regular expression denial of service when an arbitrarily long User-Agent header is parsed. Proof of Concept: var useragent = require('useragent'); var badUserAgent = 'MSIE 0.0'+Array(900000).join('0')+'XBLWP'; var request = 'GET / HTTP/1.1\r\nUser-Agen...
ReDoS via long UserAgent header in ua-parser
Affected versions of ua-parser are vulnerable to regular expression denial of service when given a specially crafted User-Agent header. Recommendation: No patch is currently available for this vulnerability. The best mitigation is currently to avoid using this package, using a different,...
Cross-site Scripting (XSS)
express-useragent is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of the user-agent header, allowing XSS attacks to occur...
userSpice 4.3.24 X-Forwarded-For Cross Site Scripting
Exploit Title: userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting Date: 2018-06-10 Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu Payload will get executed when admin visits the audit log page #!/usr/bin/perl use strict; use LWP::UserAgent;...
CVE-2017-16030
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier...
CVE-2017-16086
ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header...
CVE-2017-16086
CVE-2017-16086 affects the ua-parser-js module (ua-parser) and can be triggered by a specially crafted User-Agent header, causing a Regular Expression Denial of Service (ReDoS). The vulnerability is documented with a CVSS v3.0 base score of 7.5 (HIGH) and visible in NVD; a prior v2.0 score is 5.0...
Node.js third-party modules: XSS in express-useragent through HTTP User-Agent
Hello, I would like to report an XSS in express-useragent module due to a lack of validating User-Agent header. Please note I already created a GitHub issue and asked for CVE (CVE-2018-9863). I did not know about Node.js third-party modules on hackerone. Description express-useragent is simple...
Code injection
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier...
CVE-2017-16030
CVE-2017-16030 affects the Node.js module responsible for parsing User-Agent strings (library in the useragent package). The vulnerability stems from the use of multiple regular expressions to parse headers, allowing an attacker to craft an arbitrarily long User-Agent header that can block the ev...