Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr

✍️ Description CSRF bug to validate inventory 🕵️‍♂️ Proof of Concept Here it does not check token parameter for csrf .You can remove token paramater from url. bellow request is vulnerable to csrf attack when validate inventory ....

GHSA-7F53-FMMV-MFJV Regular expression denial of service in react-native

A regular expression denial of service ReDoS vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1...

PHP 7.4.x < 7.4.21 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.3.x prior to 7.3.29, 7.4.x prior to 7.4.21, or 8.x prior to 8.0.8. It is, therefore, affected by multiple vulnerabilities: - Server-Side Request Forgery SSRF bypass in FILTERVALIDATEURL...

PT-2021-3390 · Phpmailer +3 · Phpmailer +3

Name of the Vulnerable Software and Affected Versions: PHPMailer versions 6.4.1 and earlier Description: The issue is related to the validateAddress function in PHPMailer, which can lead to the execution of untrusted code if such code is injected into the host project's scope by other means. This...

WordPress Video Embed plugin SQL Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an application plugin for WordPress. A SQL injection vulnerability exists in WordPress Vide...

React Native代码问题漏洞

React Native is an open source JavaScript framework. It is used to build user interfaces and native applications. A code issue vulnerability exists in react-native version 0.59.0, which stems from a regular expression in the validateBaseUrl function that could cause an application to use too many...

PT-2021-10305 · Facebook · React Native

Name of the Vulnerable Software and Affected Versions: react-native versions 0.59.0 through 0.64.1 Description: A regular expression denial of service ReDoS vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash...

PT-2021-8194 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a function in the Linux kernel's amdgpu driver, specifically the validate bksv function in the hdcp1 execution.c module. This function is vulnerable to a buffer...

GSD-2021-1000107 NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds

NFS: fscontext: validate UDP retrans to prevent shift out-of-bounds This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.20 by commit...

Regular Expression Denial of Service

Overview npm-user-validate before 1.0.1 is vulnerable to regular expression denial of service. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. Recommendation Upgrade to version 1.0.1 or later References - CVE - GitHub Advis...

@motowhere/nodemailer-mock-transport (=1.3.1), @nexdrew/newww (>=0.0.1 <=0.0.2) +27 more potentially affected by CVE-2020-7754 via npm-user-validate (>=0.0.3 <=0.1.5)

npm-user-validate NPM version =0.0.3, =0.0.1, =2.0.3, =3.1.0-alpha.0, =2.0.2, =2.0.1, =2.0.2, =2.0.2, =2.0.2, =2.0.2, =0.0.1, =0.0.29, =2.0.0, =0.4.0, =0.5.0 and more Source cves: CVE-2020-7754 Source advisory: OSV:GHSA-PW54-MH39-W3HC...

GHSA-PW54-MH39-W3HC Regular expression denial of service in npm-user-validate

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

Regular expression denial of service in npm-user-validate

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

SUSE: Security Advisory (SUSE-SU-2018:2814-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UPchieve: Hyper Link Injection while signup

Summary: Attacker can add their name to a URL in order to send email containing malicious hyperlinks. while signup Steps To Reproduce: 1-Go to https://app.upchieve.org and create account with the first name http://attacker.com/ and last name . 2-Now check your email and you notice there is...

OTRS 6.0.x <= 7.0.24, 8.0.x <= 8.0.11 ReDoS Vulnerability

OTRS is prone to a regular expression denial of service ReDoS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Unspecified Bypass Vulnerability in Data-Validate-IP

Data-Validate-IP is an open source application by Dave Rolsky. Provides IPv4 and IPv6 validation methods. Data-Validate-IP version before 0.29 has a security vulnerability that can be exploited by attackers to bypass IP address-based access control...

DEBIAN-CVE-2021-29662

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...

CVE-2021-29662

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...

CVE-2021-29662

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...