202 matches found
security flaw
The striptags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null \0 characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and...
security flaw
The striptags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null \0 characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and...
CVE-2004-0595
The striptags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null \0 characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and...
CVE-2004-0632
Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow...
CVE-2004-0595
The CVE-2004-0595 issue affects PHP’s strip_tags function in PHP 4.x (up to 4.3.7) and 5.x (up to 5.0.0RC3). The vulnerability arises because null characters (\0) in tag names are not filtered when restricting input to allowed tags, allowing dangerous tags to slip through and be processed by brow...
CVE-2004-0284
Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service CPU consumption, if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters %00 after the host name...
CVE-2002-0935
Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service resource exhaustion via a large number of requests to the server with null characters, which causes the working threads to hang...
CVE-2002-1360
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminat...
CVE-2002-1360
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminat...
CVE-2002-1360
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminat...
PT-2002-2004 · Care 2002 · Care 2002
Name of the Vulnerable Software and Affected Versions: CARE 2002 versions prior to beta 1.0.02 Description: The issue allows remote attackers to read arbitrary files via .. dot dot sequences and null characters in the lang parameter, which is processed by a call to the include function...
CVE-2002-0533
phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service CPU consumption and corrupt the database via null \0 characters within code tags...
CVE-2002-0534
PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service CPU consumption and corrupt the database via null \0 characters within code tags...
CVE-2002-0533
phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service CPU consumption and corrupt the database via null \0 characters within code tags...
CVE-2002-0534
PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service CPU consumption and corrupt the database via null \0 characters within code tags...
RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 do not properly handle null characters in URL
Overview RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 contain a vulnerability in which the ACE/Agent does not properly handle null characters contained in a URL. A specially crafted request may cause ACE/Agent to enter a debugging mode, possibly...
CVE-2001-0258
The Easycom/Safecom Print Server firmware 404.590 PrintGuide server allows remote attackers to cause a denial of service via a large number of connections that send null characters...
CVE-2001-0258
The Easycom/Safecom Print Server firmware 404.590 PrintGuide server allows remote attackers to cause a denial of service via a large number of connections that send null characters...
CVE-2000-0708
Affected product: Pragma Systems TelnetServer 2000, version 4.0. Vulnerability: buffer overflow in the rexec port handling, triggered by a long series of null characters. Impact: remote attacker could cause a denial of service. Exploitation status: not provided in the documents. Remediation: no f...
extropia webstore 1.0/2.0 - Directory Traversal
source: https://www.securityfocus.com/bid/1774/info Extropia WebStore is an e-commerce shopping cart application consisting of routines for error handling, order processing, encrypted mailing, frames, Javascript and VBscript. The routine webstore.cgi does not properly handle the $fileextension...