36 matches found
GHSA-J2JG-FQ62-7C3H Gradio Blocked Path ACL Bypass Vulnerability
Summary Gradio's Access Control List ACL for file paths can be bypassed by altering the letter case of a blocked file or directory path. This vulnerability arises due to the lack of case normalization in the file path validation logic. On case-insensitive file systems, such as those used by Windo...
CVE-2024-12326
Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type image/svg+xml. This issue was first reported in...
Jirafeau 跨站脚本漏洞
Jirafeau is a simple method of uploading files by the individual developer Jérôme Jutteau. Jirafeau suffers from a cross-site scripting vulnerability that stems from case-insensitive MIME type checking of SVG files, which allows bypassing browser preview restrictions by modifying the case of...
GHSA-WPMX-564X-H2MH ewen-lbh/ffcss Late-Unicode normalization vulnerability
Summary The function lookupPreprocess is meant to apply some transformations to a string by disabling characters in the regex - .. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypass that validation and re-introduce all the characters in the regex - .. go ...
curl: Bad connection reuse due to flawed path name checks
A flaw was found in libcurl in the way libcurl handles previously used connections without accounting for 'issuer cert' and comparing the involved paths case-insensitively. This flaw allows libcurl to use the wrong connection. The highest threat from this vulnerability is to confidentiality...
CVE-2021-22924
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...
CVE-2021-22924
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead ...
Action case insensitivity
Fix security breach = required role for action was not required for Action nor ACTION. Thanks to [email protected]...
Action case insensitivity
Fix security breach = required role for action was not required for Action nor ACTION. Thanks to [email protected]...
Microsoft Windows: System objects: Require case insensitivity for non-Windows subsystems
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winsocaseinsensitivesubsystems.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for System objects: Require case insensitivity for non-Windows subsystems Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks...
BSA-2017-436
Security Advisory ID : BSA-2017-436 Component : Perl Revision : 2.0: Interim Heap-based buffer overflow in the regular expression compiler in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service crash via a crafted regular expression with the...
UBUNTU-CVE-2017-12837
Heap-based buffer overflow in the Sregatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service out-of-bounds write via a regular expression with a '\N' escape and the case-insensitive modifier...
Ruby OpenSSL Hostname Verification
After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates. Ruby’s OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. In particular, matching o...
OpenVMS weak passwords
Llimit character set, case insensitivity and fast encryption algorythm allow password bruteforcing...
Apache 1.3.14 - Mac File Protection Bypass
Apache 1.3.14 - Mac File Protection Bypass source: https://www.securityfocus.com/bid/2852/info A vulnerability exists when Apache webserver is used with Mac OS X Client. The standard filesystem for Mac OS X is HFS+. HFS+ is case insensitive while Apache's filtering is case sensitive. The result i...
Apache 1.3.14 - Mac File Protection Bypass
source: https://www.securityfocus.com/bid/2852/info A vulnerability exists when Apache webserver is used with Mac OS X Client. The standard filesystem for Mac OS X is HFS+. HFS+ is case insensitive while Apache's filtering is case sensitive. The result is that Apache will filter all file requests...