13 matches found
📄 Wing FTP Server 8.0.7 Remote Code Execution
A NULL-byte truncation vulnerability in Wing FTP Server allows bypassing an authentication prefix check, allowing the payload to reach Lua execution contexts. Version 8.0.7 is affected...
EUVD-2011-5242
Malware in sbrugna...
CVE-2011-10009 S40 CMS 0.4.2 Path Traversal
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending...
CVE-2011-10009
Affected software: S40 CMS v0.4.2. Vulnerability: path traversal via the index.php page handler; the p parameter is not properly sanitized, enabling traversal of the file system and access to arbitrary files outside the web root. Impact: remote, unauthenticated exploitation leading to potential e...
Wing FTP Server NULL-byte Authentication Bypass (CVE-2025-47812)
Wing FTP Server allows arbitrary Lua code injection via a NULL-byte %00 truncation bug CVE-2025-47812. Supplying %00 as the username makes the C++ authentication routine validate only the prefix, while the full string is written unfiltered into the session file and later executed with root/SYSTEM...
📄 Wing FTP Server NULL-byte Authentication Bypass
Wing FTP Server allows arbitrary Lua code injection via a NULL-byte %00 truncation bug CVE-2025-47812. Supplying %00 as the username makes the C++ authentication routine validate only the prefix, while the full string is written unfiltered into the session file and later executed with root/SYSTEM...
CVE-2022-2778
In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes...
Important: ruby
Issue Overview: A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw t...
OPENSUSE-SU-2021:1592-1 Security update for nim
This update for nim fixes the following issues: - CVE-2021-41259: Fixed vulnerability in URL parser that allowed a null byte bypass boo1192712 This update was imported from the openSUSE:Leap:15.2:Update update project...
OPENSUSE-SU-2021:1585-1 Security update for nim
This update for nim fixes the following issues: - CVE-2021-41259: Fixed vulnerability in URL parser that allowed a null byte bypass boo1192712...
onArcade 2.4.x Local File Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: onArcade 2.4.x Local File Get Contents Vulnerability Google Dork: inurl:"cup.php?a=all" Date: 23 Mar 2017 Exploit Author: Deyaa Muhammad Author Mail: contact at deyaa.me Exploit Blog:...
PHP 4/5 addslashes() NULL Byte Bypass
No description provided by source. source: http://www.securityfocus.com/bid/11981/info PHP4 and PHP5 are reported prone to multiple remotely exploitable vulnerabilities. These issue result from insufficient sanitization of user-supplied data. A remote attacker may carry out directory traversal...
CommonSpot < 7.0.2 / 8.0.3 / 9.0.0 Multiple Vulnerabilities
According to its version number, the CommonSpot install hosted on the remote web server is affected by multiple vulnerabilities : - An access restriction bypass via a direct request. CVE-2014-2859 - Multiple cross-site scripting XSS vulnerabilities. CVE-2014-2860, CVE-2014-2861 - Improper...