google forms project google forms vulnerabilities and exploits

(subscribe to this query)

The Google Forms WordPress plugin up to and including 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in...

Google Forms Project Google Forms

The wpgform plugin prior to 0.94 for WordPress has eval injection in the CAPTCHA calculation.

Google Forms Project Google Forms

Perl-Compatible Regular Expression (PCRE) library prior to 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent malicious users to cause a denial of service (crash) and ...

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the act...

2 Github repositories

Perl-Compatible Regular Expression (PCRE) library prior to 7.3 allows context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.

Perl-Compatible Regular Expression (PCRE) library prior to 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent malicious users to cause a denial of service (crash), possibly involving forward references.

Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library prior to 7.3 allow context-dependent malicious users to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.

Perl-Compatible Regular Expression (PCRE) library prior to 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent malicious users to cause a denial of service (infinite loop or crash) or execute ar...

Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library prior to 7.3 allows context-dependent malicious users to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.

Perl-Compatible Regular Expression (PCRE) library prior to 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent malicious users to obtain sensitive information or cause a denial of service (crash), ...

Pcre Perl-compatible Regular Expression Library 7.0 Pcre Perl-compatible Regular Expression Library Pcre Perl-compatible Regular Expression Library 7.1 Apple Mac Os X Server 10.4.11 Apple Mac Os X 10.4.11

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook