80 matches found
Andrew Appel on New Hampshire’s Election Audit
Really interesting two part analysis of the audit conducted after the 2020 election in Windham, New Hampshire. Based on preliminary reports published by the team of experts that New Hampshire engaged to examine an election discrepancy, it appears that a buildup of dust in the read heads of...
netty: HTTP request smuggling
A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...
netty: HTTP request smuggling
A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...
netty: HTTP request smuggling
A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...
HTTP Request Smuggling
netty-codec-http is vulnerable to HTTP request smuggling. The library does not detect if a colon is missing when parsing HTTP headers. This allows an attacker to smuggle HTTP requests via an invalid line fold...
DEBIAN-CVE-2019-20444
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...
Design/Logic Flaw
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...
CVE-2019-20444
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...
Advanced Policy Firewall: APF
Advanced Policy Firewall APF is an iptablesnetfilter based firewall system designed around the essential needs of today’s Internet deployed servers and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an...
The vulnerability of the Oniguruma library, related to writing beyond the buffer boundaries on the stack, allows a hacker to cause a service failure.
The vulnerability of the Oniguruma library exists due to the improper handling of the code position 0xFFFFFFFF in the unicodeunfoldkey function during the compilation of regular expressions. As a result, when the nigencunicodegetcasefoldcodesbystr function is called, 4 bytes will be written at th...
CVE-2017-11100
When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swfFoldSprite function in lib/rxfswf.c...
Oniguruma 'onigenc_unicode_get_case_fold_codes_by_str()' function stack buffer overflow vulnerability
mbstring Multi-Byte String is a language encoding extension library in PHP PHP: Hypertext Preprocessor; Oniguruma-mod is a regular expression library in Ruby programming language.Oniguruma is one of the a regular expression engine. A stack buffer overflow vulnerability exists in the...
WikLink 0.1.3 SQL Injection
www.eVuln.com advisory: "fold" and "site" SQL Injections in WikLink Summary: http://evuln.com/vulns/172/summary.html Details: http://evuln.com/vulns/172/description.html -----------Summary----------- eVuln ID: EV0172 Software: WikLink Vendor: n/a Version: 0.1.3 Critical Level: medium Type: SQL...
DB2 database ASCII half-fold method-injection method-vulnerability warning-the black bar safety net
Go from:Zhu Commander-in-chief DB2 database ASCII half-fold method injection method UNION way is temporarily not available. research, the air then toss, the project has encountered a DB2 database, the Internet wasn't full of information, shoving the whole of this part, the first Strip and the...
UoW pop2d Remote File Retrieval Vulnerability
This module exploits a vulnerability in the FOLD command of the University of Washington ipop2d service. By specifying an arbitrary folder name it is possible to retrieve any file which is world or group readable by the user ID of the POP account. This vulnerability can only be exploited with a...
DEBIAN-CVE-2005-2368
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the 1 glob or 2 expand commands of a foldexpr expression for calculating fold levels...
CVE-2005-2368
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the 1 glob or 2 expand commands of a foldexpr expression for calculating fold levels...
ipop2d fold Command Arbitrary File Access
Binary data 1783.prm...
CVE-1999-0920
CVE-1999-0920 affects the pop-2d POP daemon in the IMAP package. The root cause is a buffer overflow triggered by the FOLD command, enabling remote attackers to gain privileges. Public references describe the issue as high-severity with a network‑vectored, low‑complexity exploit and a CVSS v2 bas...
CVE-1999-0920
Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command...