regular software vulnerabilities
vulnerabilities.aspcode.net
Searching regular software vulnerabilities
emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.
phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username.
Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) 0.46 has unknown impact and attack vectors, related to regular expressions.
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.
viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message.
The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS."
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.
squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular expressions.
Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences.
The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.
Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.
The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.
Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.
nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
Software vulnerabilities results 1 to 20 of 50