Lucene search
+L

202 matches found

RedHat Linux
RedHat Linux
added 2004/07/23 9:26 a.m.7 views

security flaw

The striptags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null \0 characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and...

6.8CVSS5.5AI score0.45159EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2004/07/19 8:42 p.m.7 views

security flaw

The striptags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null \0 characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and...

6.8CVSS5.5AI score0.45159EPSS
Exploits3References4
Cvelist
Cvelist
added 2004/07/16 4:0 a.m.23 views

CVE-2004-0595

The striptags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null \0 characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and...

5.3AI score0.45159EPSS
Exploits3References18
Cvelist
Cvelist
added 2004/07/16 4:0 a.m.31 views

CVE-2004-0632

Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow...

7.8AI score0.07237EPSS
Exploits0References4
CVE
CVE
added 2004/07/16 4:0 a.m.127 views

CVE-2004-0595

The CVE-2004-0595 issue affects PHP’s strip_tags function in PHP 4.x (up to 4.3.7) and 5.x (up to 5.0.0RC3). The vulnerability arises because null characters (\0) in tag names are not filtered when restricting input to allowed tags, allowing dangerous tags to slip through and be processed by brow...

6.8CVSS5.3AI score0.45159EPSS
Exploits3References18Affected Software3
Cvelist
Cvelist
added 2004/03/18 5:0 a.m.25 views

CVE-2004-0284

Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service CPU consumption, if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters %00 after the host name...

6.3AI score0.16768EPSS
Exploits0References3
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.29 views

CVE-2002-0935

Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service resource exhaustion via a large number of requests to the server with null characters, which causes the working threads to hang...

6.6AI score0.07854EPSS
Exploits0References8
NVD
NVD
added 2002/12/23 5:0 a.m.22 views

CVE-2002-1360

Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminat...

10CVSS7.9AI score0.0614EPSS
Exploits0References5
Cvelist
Cvelist
added 2002/12/17 5:0 a.m.27 views

CVE-2002-1360

Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminat...

7.7AI score0.0614EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2002/12/17 5:0 a.m.39 views

CVE-2002-1360

Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminat...

10CVSS7.5AI score0.0614EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2002/08/31 12:0 a.m.6 views

PT-2002-2004 · Care 2002 · Care 2002

Name of the Vulnerable Software and Affected Versions: CARE 2002 versions prior to beta 1.0.02 Description: The issue allows remote attackers to read arbitrary files via .. dot dot sequences and null characters in the lang parameter, which is processed by a call to the include function...

5CVSS6.8AI score0.02276EPSS
Exploits1References5
NVD
NVD
added 2002/08/12 4:0 a.m.22 views

CVE-2002-0533

phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service CPU consumption and corrupt the database via null \0 characters within code tags...

5CVSS6.7AI score0.01797EPSS
Exploits0References6
NVD
NVD
added 2002/08/12 4:0 a.m.13 views

CVE-2002-0534

PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service CPU consumption and corrupt the database via null \0 characters within code tags...

5CVSS6.7AI score0.02633EPSS
Exploits1References3
Cvelist
Cvelist
added 2002/06/11 4:0 a.m.26 views

CVE-2002-0533

phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service CPU consumption and corrupt the database via null \0 characters within code tags...

6.7AI score0.01797EPSS
Exploits0References6
Cvelist
Cvelist
added 2002/06/11 4:0 a.m.17 views

CVE-2002-0534

PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service CPU consumption and corrupt the database via null \0 characters within code tags...

6.7AI score0.02633EPSS
Exploits1References3
CERT
CERT
added 2001/10/19 12:0 a.m.35 views

RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 do not properly handle null characters in URL

Overview RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 contain a vulnerability in which the ACE/Agent does not properly handle null characters contained in a URL. A specially crafted request may cause ACE/Agent to enter a debugging mode, possibly...

6.6AI score
Exploits0References2
NVD
NVD
added 2001/06/02 4:0 a.m.15 views

CVE-2001-0258

The Easycom/Safecom Print Server firmware 404.590 PrintGuide server allows remote attackers to cause a denial of service via a large number of connections that send null characters...

5CVSS6.6AI score0.01258EPSS
Exploits0References2
Cvelist
Cvelist
added 2001/04/04 4:0 a.m.22 views

CVE-2001-0258

The Easycom/Safecom Print Server firmware 404.590 PrintGuide server allows remote attackers to cause a denial of service via a large number of connections that send null characters...

6.6AI score0.01258EPSS
Exploits0References2
CVE
CVE
added 2000/10/13 4:0 a.m.43 views

CVE-2000-0708

Affected product: Pragma Systems TelnetServer 2000, version 4.0. Vulnerability: buffer overflow in the rexec port handling, triggered by a long series of null characters. Impact: remote attacker could cause a denial of service. Exploitation status: not provided in the documents. Remediation: no f...

5CVSS7.2AI score0.03414EPSS
Exploits1References3Affected Software1
Exploit DB
Exploit DB
added 2000/10/09 12:0 a.m.48 views

extropia webstore 1.0/2.0 - Directory Traversal

source: https://www.securityfocus.com/bid/1774/info Extropia WebStore is an e-commerce shopping cart application consisting of routines for error handling, order processing, encrypted mailing, frames, Javascript and VBscript. The routine webstore.cgi does not properly handle the $fileextension...

7.4AI score
Exploits0
Rows per page
Query Builder