32 matches found
CVE-2009-1876
Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability."...
Cross site scripting
CA SiteMinder allows remote attackers to bypass cross-site scripting XSS protections for J2EE applications via a request containing a %00 encoded null byte...
Ubuntu Update for firefox vulnerabilities USN-490-1
Ubuntu Update for Linux kernel vulnerabilities USN-490-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4901.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for firefox vulnerabilities USN-490-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
File type confusion due to %00 in name — Mozilla
Ronald van den Heetkamp reported that a filename URL containing %00 encoded null can cause Firefox to interpret the file extension differently than the underlying Windows operating system potentially leading to unsafe actions such as running a program. This is only accessible locally...
CVE-2006-5858
Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file...
CVE-2005-1198
Directory traversal vulnerability in apexec.pl for Anaconda Foundation Directory allows remote attackers to read arbitrary files via hex-encoded null characters %00 in the middle of ".." sequences in the template parameter...
BEA WebLogic < 6.1 SP2 Encoded Null Byte Request JSP Source Disclosure
Binary data 1526.prm...
CVE-2003-0975
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character %00 followed by the target domain...
CVE-2002-1021
BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte...
CVE-2002-1025
JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed...
CVE-2002-1021
BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte...
CVE-2002-1021
Summary of CVE-2002-1021 (BadBlue Hex-encoded Null Byte) The vulnerability affects the BadBlue web server and allows remote attackers to read restricted files (notably EXT.INI, the BadBlue configuration file) by sending an HTTP request containing a hex-encoded NULL byte. This constitutes an infor...