
24 matches found

Amazon
added 2025/11/10 12:0 a.m., 10 views

Medium: python-ldap

Issue Overview: python-ldap is a Lightweight Directory Access Protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this...

CVSS 6.9 | AI score 6.8 | EPSS 0.00142
Exploits: 1
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2016-5957

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.01301
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2002-0537

Malware in sbrugna...

CVSS 7.2 | AI score 6.4 | EPSS 0.00678
Exploits: 1 | References: 7
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-5484

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.4 | EPSS 0.00104
Exploits: 0 | References: 2
CNVD
added 2025/03/13 12:0 a.m., 8 views

IBM MQ Code Execution Vulnerability (CNVD-2025-05563)

IBM MQ is a messaging middleware product from International Business Machines (IBM). The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture (SOA). A code execution vulnerability exists in IBM MQ that stems from improper escape character...

CVSS 8.8 | AI score 7.5 | EPSS 0.00104
Exploits: 0 | References: 1
Vulnrichment
added 2025/02/28 2:20 a.m., 9 views

CVE-2025-0975 IBM MQ code execution

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters...

CVSS 8.8 | AI score 8.7 | EPSS 0.00104
Exploits: 0 | References: 1
CNNVD
added 2025/02/28 12:0 a.m., 1 views

IBM MQ Security Vulnerability

IBM MQ is a messaging middleware product from International Business Machines (IBM). The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture (SOA). A code execution vulnerability exists in IBM MQ that stems from improper escape character...

CVSS 8.8 | AI score 7.6 | EPSS 0.00104
Exploits: 0 | References: 3
OSV
added 2024/05/05 7:15 p.m., 1 views

DEBIAN-CVE-2024-34507

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges%1b0000000...

CVSS 7.4 | AI score 6.1 | EPSS 0.00442
Exploits: 1 | References: 1
SUSE CVE
added 2023/03/18 3:38 a.m., 1 views

SUSE CVE-2023-28101

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the flatpak(1) command-line...

CVSS 6.3 | AI score 6.8 | EPSS 0.00244
Exploits: 0 | References: 7
SUSE CVE
added 2023/02/15 4:34 a.m., 1 views

SUSE CVE-2017-1002201

In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code...

CVSS 6.3 | AI score 9.6 | EPSS 0.00825
Exploits: 1 | References: 6
CNNVD
added 2021/10/05 12:0 a.m., 1 views

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability

IBM Sterling B2B Integrator is a suite of software from IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with different partner communities. IBM Sterling B2B Integrator Standard Edition has a cross-site...

CVSS 6.4 | AI score 6 | EPSS 0.0015
Exploits: 0 | References: 4
Hacker One
added 2021/03/22 9:56 a.m., 29 views

Open-Xchange: Path Traversal in dict-fs and no-check Escape Character in oauth2-jwt

0x01 Path Traversal in dict-fs module If we use fs to store dictionaries, when program get the value of key: static int fsdictlookupstruct dict dict, poolt pool, const char key, const char valuer, const char errorr struct fsdict dict = struct fsdict dict; struct fsfile file; struct istream input;...

CVSS 2.1 | AI score 1.8 | EPSS 0.00762
Exploits: 0
Hacker One
added 2020/08/27 1:56 p.m., 19 views

Acronis: DOM based XSS in store.acronis.com/<id>/purl-corporate-standard-IT [cfg parameter]

Summary: Hi Acronis team, I found a DOM based XSS in store.acronis.com; this vulnerability arises from a missing escape for the \ character. Steps To Reproduce: 1. go to:...

AI score 0.6
Exploits: 0
OSV
added 2019/11/12 6:15 p.m., 4 views

SUSE-SU-2019:2956-1 Security update for qemu

This update for qemu fixes the following issues: - Remove a backslash '\' escape character from 80-qemu-ga.rules (bsc#1153358). Unlike sles 15 or newer guests, the udev rule file of qemu guest agent in sles 12 sp4 or newer guest only needs one escape character. - Fix use-after-free in slirp...

CVSS 6.5 | AI score 6.2 | EPSS 0.00319
Exploits: 0 | References: 10
FreeBSD
added 2015/10/30 12:0 a.m., 33 views

cups-filters -- code execution

Salvatore Bonaccorso reports: Cups Filters/Foomatic Filters does not consider backtick as an illegal escape character...

CVSS 7.5 | AI score 7.5 | EPSS 0.18149
Exploits: 0 | References: 1
CNVD
added 2015/09/06 12:0 a.m., 2 views

PCS pcsd web UI OS Command Injection Vulnerability

PCS is a set of tools for configuring and managing Pacemaker and Corosync clustering software using the command line and web UI. A security vulnerability exists in the pcsd web UI in PCS 0.9.139 and earlier versions. The vulnerability can be exploited by a remote attacker to execute arbitrary...

CVSS 8.5 | AI score 7.7 | EPSS 0.00629
Exploits: 0 | References: 1
myhack58
added 2011/05/29 12:0 a.m., 23 views

Vulnerabilities caused by the path separators "\" and "/" on the Web - vulnerability warning - the black bar safety net

Whether the path separator is "\" under Windows or "/" under Linux is not in itself a serious problem, but on the web it gives rise to a lot of "bugs"; if the web developer did not consider this issue, a very serious bug may appear. In the VC code\ \ \is an escape character,...

Exploits: 0
Prion
added 2010/11/09 9:0 p.m., 30 views

Stack overflow

Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server...

CVSS 10 | AI score 8.2 | EPSS 0.92052
Exploits: 10 | References: 13 | Affected Software: 1
Debian CVE
added 2010/11/09 8:0 p.m., 43 views

CVE-2010-4221

Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server...

CVSS 10 | AI score 9.5 | EPSS 0.92052
Exploits: 10
myhack58
added 2005/10/25 12:0 a.m., 63 views

If the other is a BT-vulnerability warning-the black bar safety net

Use the security policy prohibits local host is connected to each other in any port! Then allow others to connect their 8 0 port! The debug/ftp/tftp/its/start/net/net1/echo/edit to remove it! Local only provides a web service! Shut down/filter all ports,and now get this host is a shell, there are...

AI score 0.7
Exploits: 0