133 matches found
Control Web Panel (CWP) - File Inclusion
In CWP Control Web Panel, previously CentOS Web Panel before version 0.9.8.1107, an unauthenticated attacker can abuse null byte %00 injection with the "scripts" parameter in the /user/loader.php or /user/login.php endpoints to register arbitrary API keys or access sensitive files. This can be...
CVE-2016-20079
WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gatewa...
CVE-2016-20079 WordPress Dharma Booking 2.28.3 Local File Inclusion via proccess.php
WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gatewa...
CVE-2016-20079
CVE-2016-20079 affects WordPress Dharma Booking 2.28.3 and earlier. The issue is a local file inclusion in the proccess.php gateway parameter, allowing unauthenticated attackers to read sensitive files by using directory traversal or null byte injection. This can expose configuration and system f...
CVE-2026-45380 bit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymlink()`
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform,...
CVE-2026-45380 bit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymlink()`
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform,...
CVE-2022-50953
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...
CVE-2022-50953 WordPress Plugin admin-word-count-column 2.2 Local File Read
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...
CVE-2022-50953 WordPress Plugin admin-word-count-column 2.2 Local File Read
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...
EUVD-2022-56000
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...
CVE-2022-50953
The CVE concerns the WordPress plugin admin-word-count-column version 2.2 . A vulnerability allows unauthenticated local file read via crafted requests to download-csv.php, exploiting a null byte injection in the path parameter to bypass restrictions and read arbitrary files (e.g., system configu...
CVE-2022-50953
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...
PT-2026-47231
WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...
PT-2026-38372
Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.133.Final Netty versions prior to 4.2.13.Final Description Netty's DNS codec fails to enforce RFC 1035 domain name constraints during encoding and decoding, creating a bidirectional attack surface. In the encoder, t...
NPM: Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams
NPM: Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...
Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams
Vulnerability Disclosure: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams Summary The encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00'...
CVE-2026-42040 Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00' correctly...
SUSE CVE-2026-33191
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...
CVE-2026-33191
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...
Linux Distros Unpatched Vulnerability : CVE-2026-33191
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in...