13 matches found
Wing FTP Server 8.0.7 Remote Code Execution
A NULL-byte truncation vulnerability in Wing FTP Server allows bypassing an authentication prefix check, allowing the payload to reach Lua execution contexts. Version 8.0.7 is affected...
EUVD-2011-5242
Malware in sbrugna...
CVE-2011-10009
Affected software: S40 CMS v0.4.2. Vulnerability: path traversal via the index.php page handler; the p parameter is not properly sanitized, enabling traversal of the file system and access to arbitrary files outside the web root. Impact: remote, unauthenticated exploitation leading to potential e...
CVE-2011-10009 S40 CMS 0.4.2 Path Traversal
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending...
Wing FTP Server NULL-byte Authentication Bypass (CVE-2025-47812)
Wing FTP Server allows arbitrary Lua code injection via a NULL-byte (%00) truncation bug (CVE-2025-47812). Supplying %00 as the username makes the C++ authentication routine validate only the prefix, while the full string is written unfiltered into the session file and later executed with root/SYSTEM...
Wing FTP Server NULL-byte Authentication Bypass
Wing FTP Server allows arbitrary Lua code injection via a NULL-byte (%00) truncation bug (CVE-2025-47812). Supplying %00 as the username makes the C++ authentication routine validate only the prefix, while the full string is written unfiltered into the session file and later executed with root/SYSTEM...
CVE-2022-2778
In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes...
Important: ruby
Issue Overview: A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw t...
OPENSUSE-SU-2021:1592-1 Security update for nim
This update for nim fixes the following issues: - CVE-2021-41259: Fixed vulnerability in URL parser that allowed a null byte bypass boo1192712 This update was imported from the openSUSE:Leap:15.2:Update update project...
OPENSUSE-SU-2021:1585-1 Security update for nim
This update for nim fixes the following issues: - CVE-2021-41259: Fixed vulnerability in URL parser that allowed a null byte bypass boo1192712...
onArcade 2.4.x Local File Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: onArcade 2.4.x Local File Get Contents Vulnerability Google Dork: inurl:"cup.php?a=all" Date: 23 Mar 2017 Exploit Author: Deyaa Muhammad Author Mail: contact at deyaa.me Exploit Blog:...
PHP 4/5 addslashes() NULL Byte Bypass
No description provided by source. source: http://www.securityfocus.com/bid/11981/info PHP4 and PHP5 are reported prone to multiple remotely exploitable vulnerabilities. These issues result from insufficient sanitization of user-supplied data. A remote attacker may carry out directory traversal...
CommonSpot < 7.0.2 / 8.0.3 / 9.0.0 Multiple Vulnerabilities
According to its version number, the CommonSpot install hosted on the remote web server is affected by multiple vulnerabilities: - An access restriction bypass via a direct request (CVE-2014-2859). - Multiple cross-site scripting (XSS) vulnerabilities (CVE-2014-2860, CVE-2014-2861). - Improper...