11 matches found
EUVD-2019-7594
Malware in sbrugna...
CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...
UBUNTU-CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...
CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...
PT-2023-9652 · Python +6 · Python +6
Name of the Vulnerable Software and Affected Versions: Python versions 3.11 through 3.11.4 Description: The issue is related to the os.path.normpath function, which truncates a path unexpectedly at the first '0' byte if such bytes are present in the path. This could lead to security issues, as...
MGASA-2022-0131 Updated flatpak packages fix security vulnerability
Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a null byte in the metadata file of an app. CVE-2021-43860 Path traversal vulnerability CVE-2022-21682 Vario...
CVE-2019-17137
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings...
CVE-2019-11045
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...
The vulnerability of the PHP interpreter allows attackers to read arbitrary files or write to them.
The vulnerability of the PHP interpreter lies in the lack of checks for the sequence “%00” in the path name. Exploiting this vulnerability allows an attacker to read arbitrary files or write to them using specially crafted input data for an application that calls the DOMDocument save method or th...
USN-2658-1 php5 vulnerabilities
Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598...
PHP move_uploaded_file implementation securely bypasses file creation vulnerability
PHP is a popular programming language. The moveuploadedfile implementation in PHP ext/standard/basicfunctions.c fails to properly handle the \x00 character in pathnames, allowing remote attackers to bypass extension limits and create files using special parameters...