12 matches found
EUVD-2014-8595
Malware in sbrugna...
EUVD-2018-10305
Malware in sbrugna...
EUVD-2001-0320
Malware in sbrugna...
Wing FTP < 7.4.4 Remote Code Execution
Wing FTP version 7.4.2 and earlier is vulnerable to a remote code execution vulnerability due to improper handling of null characters in file paths. An attacker can exploit this vulnerability by sending a specially crafted request that includes a null character, allowing them to execute arbitrary...
CVE-2002-2167
Directory traversal vulnerability in functionfoot1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. dot dot sequences terminated by a null character in the $designNo variable, which is part of an "include" function call...
CVE-2017-7829
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird 52.5.2...
MGASA-2014-0438 Updated dokuwiki packages fix security vulnerabilities
inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call CVE-2014-8761. The ajaxmediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access...
CVE-2002-0492
dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter...
BEA Systems WebLogic Server and Express 7.0 - Null Character Denial of Service
source: https://www.securityfocus.com/bid/4646/info BEA Systems WebLogic Server is an enterprise level web and wireless application server for Microsoft Windows and most Unix and Linux distributions. BEA WebLogic Expre...
DCShop Beta 1.0 - Form Manipulation
source: https://www.securityfocus.com/bid/4356/info DCShop Beta is a freely available shopping cart system, written in Perl. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. It is possible to overwrite setup files .setup by submitting attacker-supplied...
directorypro.cgi, directory traversal
cgi-script directorypro.cgi is vulnerable to a directory traversal. http://target/cgi-bin/directorypro.cgi?want=showcat&show=../../../..//etc/motd00 I didn't look at the source of the script but it is probably a script that normally puts an extension to the requested file. But by putting the 00...
Problems in the Roxen server
Using the null character 00, it is possible to view directory listings, obtain the contents of executable files, etc...