26 matches found
BIT-LIBPHP-2024-4577 Argument Injection in PHP-CGI
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
CVE-2024-8067
In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection was identified...
SUSE CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
CVE-2024-47611
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows MinGW-w64 or MSVC, the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters for exampl...
SUSE CVE-2024-45720
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line...
DEBIAN-CVE-2024-8926
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 (https://github.com/advisories/GHSA-vxpp-6299-mxw3) may still be bypassed and the same command injection related to Windows...
SUSE CVE-2024-47611
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows MinGW-w64 or MSVC, the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters for exampl...
CVE-2024-47611
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows MinGW-w64 or MSVC, the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters for exampl...
CVE-2024-47611 XZ Utils on Microsoft Windows platform are vulnerable to argument injection
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows MinGW-w64 or MSVC, the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters for exampl...
CVE-2024-47611
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows MinGW-w64 or MSVC, the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters for exampl...
CVE-2024-8067
In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection was identified...
Perforce Helix Core security vulnerability
Perforce Helix Core is a scalable and secure version control system from Perforce. A security vulnerability exists in Perforce Helix Core prior to version 2024.1 Patch 2, which stems from the best fit parameter containing a parameter injection vulnerability...
CVE-2024-8067 Unicode "best fit" argument injection
In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection was identified...
CVE-2024-8067
CVE-2024-8067 affects Perforce Helix Core prior to 2024.1 Patch 2 (2024.1/2655224). The issue is a Windows ANSI API Unicode “best fit” argument injection in Helix Core, caused by the best fit parameter handling. Public sources consistently describe this as a parameter injection vulnerability that...
PT-2024-38783 · Perforce · Helix Core
Name of the Vulnerable Software and Affected Versions: Helix Core versions prior to 2024.1 Patch 2 Description: A Windows ANSI API Unicode "best fit" argument injection issue was identified. Recommendations: For versions prior to 2024.1 Patch 2, update to 2024.1 Patch 2 or later to resolve the...
curl: Incorrect Encoding Conversion in hostname results in indeterminate SSRF vulnerabilities
Vulnerability description not provided...
curl: Unicode-to-ASCII conversion on Windows can lead to argument injection and more
Vulnerability description not provided...
Exploit for OS Command Injection in Php
CVE-2024-4577 This is a PoC for PHP CVE-2024-4577. Introdu...
AZL-42424 CVE-2024-4577 affecting package php for versions less than 8.1.29-1
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
AZL-42433 CVE-2024-4577 affecting package php for versions less than 8.3.8-1
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...