Lucene search
K

1154 matches found

Prion
Prion
added 2007/07/25 5:30 p.m.12 views

Design/Logic Flaw

Off-by-one error in the fspreaddirr function in fsplib.c in fsplib before 0.9 allows remote attackers to cause a denial of service via a directory entry whose length is exactly MAXNAMELEN, which prevents a terminating null byte from being added...

5CVSS6.6AI score0.02069EPSS
Exploits0References9Affected Software1
Packet Storm
Packet Storm
added 2007/07/24 12:0 a.m.21 views

webspell-lfi.txt

muH - $Title: Webspell 4.x Local File Inclusion Win $Damage Factor: Medium - High $Requires: Win Box & Php Supporting %00 $Discovered by muH $Usage: http://server.com/index.php?site=c:\windows\repair\sam%00...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2007/07/11 12:0 a.m.56 views

Multiple .NET Null Byte Injection Vulnerabilities

======================================================================== = Multiple .NET Null Byte Injection Vulnerabilities = = Vendor Website: = http://www.microsoft.com = = Affected Version: = .NET FrameWork v1.1 SP1 = .NET FrameWork v2.0.50727 = = Vendor Notified - October, 2006 = Public...

8.1AI score
Exploits0
Packet Storm
Packet Storm
added 2007/07/11 12:0 a.m.59 views

dotnet-nullbyte.txt

======================================================================== = Multiple .NET Null Byte Injection Vulnerabilities = = Vendor Website: = http://www.microsoft.com = = Affected Version: = .NET FrameWork v1.1 SP1 = .NET FrameWork v2.0.50727 = = Vendor Notified - October, 2006 = Public...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/07/11 12:0 a.m.186 views

MS07-040: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) (uncredentialed check)

The remote web server is running a version of the ASP.NET framework that contains multiple vulnerabilities : - A PE Loader vulnerability could allow an attacker to execute arbitrary code with the privilege of the logged-on user. - A ASP.NET NULL byte termination vulnerability could allow an...

9.3CVSS6.1AI score0.77716EPSS
Exploits2References5
Prion
Prion
added 2007/07/10 10:30 p.m.26 views

Design/Logic Flaw

Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring o...

7.8CVSS6.8AI score0.77716EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2007/07/10 10:30 p.m.26 views

CVE-2007-0042

Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring o...

7.8CVSS6.6AI score0.77716EPSS
Exploits0References8
Cvelist
Cvelist
added 2007/07/10 10:0 p.m.37 views

CVE-2007-0042

Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring o...

6.5AI score0.77716EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2007/07/10 12:0 a.m.162 views

MS07-040: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)

The remote host is running a version of the ASP.NET framework that contains multiple vulnerabilities : - A PE Loader vulnerability could allow an attacker to execute arbitrary code with the privileges of the logged-on user. - An ASP.NET NULL byte termination vulnerability could allow an attacker ...

9.3CVSS6.1AI score0.77716EPSS
Exploits2References5
exploitpack
exploitpack
added 2007/07/06 12:0 a.m.24 views

Microsoft .Net Framework 2.0 - Multiple Null Byte Injection Vulnerabilities

Microsoft .Net Framework 2.0 - Multiple Null Byte Injection Vulnerabilities source: https://www.securityfocus.com/bid/24791/info Microsoft .NET Framework is prone to multiple NULL-byte injection vulnerabilities because it fails to adequately sanitize user-supplied data. An attacker can exploit...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2007/07/06 12:0 a.m.45 views

Microsoft .Net Framework 2.0 - Multiple Null Byte Injection Vulnerabilities

source: https://www.securityfocus.com/bid/24791/info Microsoft .NET Framework is prone to multiple NULL-byte injection vulnerabilities because it fails to adequately sanitize user-supplied data. An attacker can exploit these issues to access sensitive information that may aid in further attacks;...

7.4AI score
Exploits0
UbuntuCve
UbuntuCve
added 2007/06/20 7:30 p.m.25 views

CVE-2007-3285

Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a 1 file:/// or 2 resource: URI with a dangerous extension, followed by a NULL byte %00 and a safer extension, which causes Firefox to treat the requested file...

6.8CVSS7.3AI score0.01751EPSS
Exploits3References2
Prion
Prion
added 2007/06/20 7:30 p.m.21 views

Type confusion

Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a 1 file:/// or 2 resource: URI with a dangerous extension, followed by a NULL byte %00 and a safer extension, which causes Firefox to treat the requested file...

6.8CVSS6.9AI score0.01751EPSS
Exploits3References22Affected Software1
Cvelist
Cvelist
added 2007/06/20 7:0 p.m.27 views

CVE-2007-3285

Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a 1 file:/// or 2 resource: URI with a dangerous extension, followed by a NULL byte %00 and a safer extension, which causes Firefox to treat the requested file...

9.3AI score0.01751EPSS
Exploits3References22
exploitpack
exploitpack
added 2007/05/14 12:0 a.m.24 views

webdesproxy 0.0.1 - exec-shield GET Remote Code Execution

webdesproxy 0.0.1 - exec-shield GET Remote Code Execution / Fedora Core 6 exec-shield based Webdesproxy webdesproxy-0.0.1.tgz remote root exploit reverse connect-back method by Xpl017Elz Advanced exploitation in exec-shield Fedora Core case study URL:...

0.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2007/03/14 5:2 a.m.2 views

: seamonkey cookie setting / same-domain bypass vulnerability

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname location.hostname DOM property, due to...

7.5CVSS7.4AI score0.12144EPSS
Exploits7References4
RedHat Linux
RedHat Linux
added 2007/03/14 12:24 a.m.3 views

: seamonkey cookie setting / same-domain bypass vulnerability

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname location.hostname DOM property, due to...

7.5CVSS7.4AI score0.12144EPSS
Exploits7References4
securityvulns
securityvulns
added 2007/03/06 12:0 a.m.35 views

mod_security protection bypass

Invalid handling of NULL byte in POST form data opens possibility to traverse checks...

6.8CVSS2.8AI score0.06616EPSS
Exploits1References1Affected Software1
RedHat Linux
RedHat Linux
added 2007/03/02 6:27 p.m.2 views

: seamonkey cookie setting / same-domain bypass vulnerability

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname location.hostname DOM property, due to...

7.5CVSS7.4AI score0.12144EPSS
Exploits7References4
RedHat Linux
RedHat Linux
added 2007/02/24 2:41 a.m.4 views

: seamonkey cookie setting / same-domain bypass vulnerability

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname location.hostname DOM property, due to...

7.5CVSS7.4AI score0.12144EPSS
Exploits7References4
Rows per page
Query Builder