Citrix XenServer Multiple Vulnerabilities (CTX218775)

The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the sniffnetware function within file tools/pygrub/src/pygrub when handling string quotes and S-expressions in the bootloader whenev...

WhatsApp Web Username Bypass Vulnerability

Exploit for tricks platform in category remote exploits Title: Web WhatsApp Username Bypass Date: 31.10.2016 Author: Glumi Software Link: https://web.whatsapp.com/ Why this works: Web WhatsApp is filtering null bytes for all username inputs but this can be bypassed by using the"NOP"-character 0x9...

Telegram Web 0.5.5 Username Bypass

Exploit Title: Telegram Web Empty Username Bypass Date: 18/10/2016 Author: Ashiyane Digital Security Team Software Link: https://web.telegram.org version : Telegram Web 0.5.5 Tested on: Windows 7 Description: Telegram filters null bytes for username input but you can bypass this filter with "NOP"...

UBUNTU-CVE-2015-7695

The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query...

Linux kernel information disclosure vulnerability (CNVD-2016-03867)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. An information disclosure vulnerability exists in the 'tipcnlcompatlinkdump' function in the net/tipc/netlinkcompat.c file of the Linux kernel, which stems from a program's...

HackerOne: Manipulate report timeline activity by using null byte.

Null bytes are not permitted in report body, or even in report title. But that can be used in the comment section of self-closing for reporter and change-status for team. When a null byte is used as a comment, that report timeline activity disappears! For example:...

Ubuntu 14.04 LTS : Kerberos vulnerabilities (USN-2810-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2810-1 advisory. It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause...

USN-2810-1 krb5 vulnerabilities

It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. CVE-2002-2443 It was discovered that Kerberos...

Updated php-ZendFramework/php-ZendFramework2 packages fixe security vulnerabilities

Zend Framework contained several instances where it was using incorrect permissions masks, which could lead to local privilege escalation issues CVE-2015-5723. The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as ...

ZendFramework1 -- SQL injection vulnerability

Zend Framework developers report: The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection...

Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2658-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2658-1 advisory. Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass...

USN-2658-1: PHP vulnerabilities

Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598...

php: missing null byte checks for paths in various PHP extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

Libmimedir Special File Arbitrary Code Execution Vulnerability

libmimedir is a library of graphical objects based on the RFC implementation of 2425 and 2426. A security vulnerability exists in libmimedir. A remote attacker can construct a specially crafted VCF file with two null bytes added to the end of the file and trick the user into parsing it, which can...

CVE-2015-3205

libmimedir allows remote attackers to execute arbitrary code via a VCF file with two NULL bytes at the end of the file, related to "free" function calls in the "lexer's memory clean-up procedure."...

CVE-2015-3205

Libmimedir’s VCF parser is vulnerable to memory corruption when parsing a VCF file with two trailing NULL bytes, triggering risky free() calls during lexer memory cleanup. A PoC/exploit code demonstrates potential arbitrary code execution via crafted VCF inputs; exploitation status in the wild is...

[SECURITY] [DSA 3280-1] php5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3280-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 07, 2015 http://www.debian.org/security/faq -...

PHP 5.4.x < 5.4.41 Multiple Vulnerabilities

According to its banner, the version of PHP 5.4.x running on the remote web server is prior to 5.4.41. It is, therefore, affected by multiple vulnerabilities : - Multiple unspecified flaws in pcrelib. CVE-2015-2325, CVE-2015-2326 - A flaw in the pharparsetarfile function in ext/phar/tar.c could...

Google Android Operating System < 4.4.0 Multiple Vulnerabilities

Binary data 8664.prm...

USN-2391-1: php5 vulnerabilities

Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. CVE-2014-3668 Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. A remote...