EUVD-2013-7014

Malware in sbrugna...

CVE-2024-11695

CVE-2024-11695 describes a spoofing vulnerability in Mozilla Firefox and Thunderbird where a crafted URL containing Arabic script and whitespace could hide the page’s true origin, enabling spoofing. Affected versions: Firefox < 133 and Firefox ESR < 128.5; Thunderbird < 133 and Thunderbird

Lunary 安全漏洞

lunary is lunary open source a production toolkit for LLM . An email injection vulnerability exists in lunary, which allows an unauthenticated attacker to inject data into an outgoing email by bypassing the function using different space characters. No detailed vulnerability details are provided ...

PT-2024-6158

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Description The issue is related to a Windows MSHTML platform spoofing vulnerability, which allows attackers to execute arbitrary code remotely. This vulnerability has been exploited by the...

CLSA-2023-1689885583 python3: Fix of CVE-2023-24329

CVE-2023-24329: part2: Start stripping C0 control and space chars in urlsplit...

CLSA-2023-1689885237 python3: Fix of CVE-2023-24329

CVE-2023-24329: part2: Start stripping C0 control and space chars in urlsplit...

DEBIAN-CVE-2022-1834

When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown...

CVE-2022-37429

Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 2 via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters...

Stored XSS using HTMLEditor

A malicious content author could add a JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. An attacker must have access to the CMS to exploit this issue...

Protocol/Hostname spoofing via Improper Input Validation

Description The uri.js doesn't remove whitespace characters from the beginning of the protocol, so it doesn't parse URLs properly. Several methods, including http.get, location.href, and fetch, strip the whitespace character in front of the protocol before sending the request. Proof of Concept...

Fhg Fokus Kamailio Environmental Issues Vulnerabilities

Fhg Fokus Kamailio is an open source Sip server from the Fhg Fokus Institute in Germany. The server mainly supports IP telephony services. A security vulnerability exists in Kamailio versions prior to 5.4.0, which stems from a vulnerability that allows bypassing the header removal protection...

Regular Expression Denial Of Service (ReDoS)

remove-markdown is vulnerable to regex denial of service. An attacker is able to cause the package to consume excess system resources resulting in an application crash using a large number of space characters...

Phabricator: Hyper Link Injection In email and Space Characters Allowed at Password Field.

Hello mongoose , I found that when you put email and password for signup, you can use space characters for the password which shouldn't be allowed. I also found that you can use hyperlink in First Name Field at next step when you are entering your personal information here and when you will get t...

Multiple Vulnerabilities in Mozilla Firefox and Firefox ESR

Mozilla Firefox is an open source web browser.Firefox ESR is an extended support version of Firefox. A security vulnerability exists in Mozilla Firefox's handling of IP address strings with Ogham space characters, which can be exploited by remote attackers to bypass the homology policy of the...

Microsoft MSN Messenger 1-4 Malformed Invite Request Denial of Service

No description provided by source. source: http://www.securityfocus.com/bid/4827/info Microsoft's MSN Messenger is an instant messenging client for Windows based machines, based on the Passport system. A vulnerability has been reported in some versions of MSN Messenger. Under some circumstances, ...

CVE-2010-4677

emWEB on Cisco Adaptive Security Appliances ASA 5500 series devices with software before 8.23 allows remote attackers to cause a denial of service daemon crash via a request for a document whose name contains space characters, aka Bug ID CSCsy08416...

Microsoft iExplorer ' ' Address Bar URI Spoofing Vulnerability

Microsoft Internet Explorer is prone to an URI spoofing vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2008-4106

WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the userlogin column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's...

CVE-2007-3201

Visual truncation vulnerability in Windows Privacy Tray WinPT 1.2.0 allows user-assisted remote attackers to install a key listed under the wrong user ID, and possibly cause the user to encrypt a victim's correspondence with this attacker-supplied key, via a key ID composed of the attacker's user...

CVE-2005-4466

Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll in Interaction SIP Proxy before 3.0.011 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a REGISTER request with a SPI version number that contains a large number of space or tab...