1151 matches found

Prion
added 2007/01/12 5:4 a.m. · 19 views

Directory traversal

F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name...

7.5 CVSS · 7.2 AI score · 0.03618 EPSS
Exploits 0 · References 9 · Affected Software 1

Cvelist
added 2007/01/11 2:0 a.m. · 31 views

CVE-2007-0187

F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name...

6.7 AI score · 0.03618 EPSS
Exploits 0 · References 9

securityvulns
added 2007/01/10 12:0 a.m. · 42 views

Adobe Macromedia ColdFusion source code leak

Adding twice encoded NULL byte to path allows .CFM file content disclosure...

5 CVSS · 2.4 AI score · 0.12908 EPSS
Exploits 0 · References 1 · Affected Software 1

security_vulns
added 2007/01/01 12:0 a.m. · 21 views

Phrack55:Perl

Perl CGI Issues. Phrack Magazine, Vol. 9, Issue 55, 09.09.99, 07 of 19. Perl CGI Issues, rain.forest.puppy / ADM/Wiretrip. Introduction: It seems to me that I should explain a little about what will be discussed. For the most part...

7.3 AI score
Exploits 0

NVD
added 2006/12/31 5:0 a.m. · 22 views

CVE-2006-5858

Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file...

5 CVSS · 6.7 AI score · 0.12908 EPSS
Exploits 0 · References 9

Packet Storm
added 2006/10/09 12:0 a.m. · 24 views

phplive31-rfi.txt

Neo Security Team NST - Advisory 25 - 08/10/06. Program: PHP Live! Homepage: http://www.phplivesupport.com/ Vulnerable Versions: 3.1 and prior. Risk: High! Impact: Critical Risk -==PH...

7.4 AI score
Exploits 0

Tenable Nessus
added 2006/10/05 12:0 a.m. · 35 views

FreeBSD : phpbb -- NULL byte injection vulnerability (86526ba4-53c8-11db-8f1a-000a48049292)

Secunia reports : ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the 'avatarpath' parameter in admin/adminboard.php is not properly sanitised before being used as a configuration variable to store avata...

4.6 CVSS · 5.8 AI score · 0.01584 EPSS
Exploits 1 · References 4

Tenable Nessus
added 2006/10/02 12:0 a.m. · 23 views

FreeBSD : punbb -- NULL byte injection vulnerability (e79876e4-5061-11db-a5ae-00508d6a62df)

CVE Mitre reports : PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to adminoptions.php with an avatarsdir parameter ending in %00. NOTE:...

3.6 CVSS · 5.8 AI score · 0.02248 EPSS
Exploits 1 · References 3

OSV
added 2006/09/27 11:7 p.m. · 3 views

DEBIAN-CVE-2006-5031

Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename...

5 CVSS · 6.9 AI score · 0.07288 EPSS
Exploits 1 · References 1

Packet Storm
added 2006/09/13 12:0 a.m. · 24 views

phpNULL.txt

Author: ShAnKaR. Title: multiple PHP application poison NULL byte vulnerability. Applications: phpBB 2.0.21, punBB 1.2.12. Threat Level: Critical. Original advisory in Russian: http://www.security.nnov.ru/Odocument221.html Poison NULL byte vulnerability for perl CGI applications was described in [1]...

7.4 AI score
Exploits 0

FreeBSD
added 2006/09/13 12:0 a.m. · 30 views

punbb -- NULL byte injection vulnerability

CVE Mitre reports: PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to adminoptions.php with an avatarsdir parameter ending in %00. NOTE:...

3.6 CVSS · 6.6 AI score · 0.02248 EPSS
Exploits 1 · References 1

FreeBSD
added 2006/09/12 12:0 a.m. · 24 views

phpbb -- NULL byte injection vulnerability

Secunia reports: ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the "avatarpath" parameter in admin/adminboard.php is not properly sanitised before being used as a configuration variable to store avatar...

4.6 CVSS · 6.8 AI score · 0.01584 EPSS
Exploits 1 · References 3

securityvulns
added 2006/09/11 12:0 a.m. · 54 views

multiple PHP application poison NULL byte vulnerability

Author: ShAnKaR. Title: multiple PHP application poison NULL byte vulnerability. Applications: phpBB 2.0.21, punBB 1.2.12. Threat Level: Critical. Poison NULL byte vulnerability for perl CGI applications was described in [1]. ShAnKaR noted that the same vulnerability also affects different PHP application...

0.2 AI score
Exploits 0

Exploit DB
added 2006/09/11 12:0 a.m. · 48 views

phpBB 2.0.21 - Poison Null Byte Remote File Upload

#!/usr/bin/perl -w Author: ShAnKaR. Title: multiple PHP application poison NULL byte vulnerability. Applications: phpBB 2.0.21, punBB 1.2.12. Threat Level: Critical. Original advisory in Russian: http://www.security.nnov.ru/Odocument221.html Poison NULL byte vulnerability for perl CGI applications was...

7.4 AI score
Exploits 0

Tenable Nessus
added 2006/09/02 12:0 a.m. · 103 views

Webmin Null Byte Filtering Information Disclosure

The version of Webmin installed on the remote host is affected by an information disclosure vulnerability due to the Perl script 'miniserv.pl' failing to properly filter null characters from URLs. An attacker could exploit this to reveal the source code of CGI scripts, obtain directory listings, ...

6.8 CVSS · 5.3 AI score · 0.0297 EPSS
Exploits 0 · References 3

UbuntuCve
added 2006/08/31 10:4 a.m. · 21 views

CVE-2006-4458

Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALSphpgwinfouserpreferencescommoncountry parameter...

6.4 CVSS · 6 AI score · 0.03188 EPSS
Exploits 0 · References 1

CVE
added 2006/07/14 8:0 p.m. · 37 views

CVE-2006-3602

CVE-2006-3602 affects FarsiNews 3.0 BETA 1, via directory traversal in jscripts/tiny_mce/tiny_mce_gzip.php. The underlying flaw allows remote attackers to include arbitrary files by supplying .. and a trailing null (%00) byte in the language parameter of the advanced theme, enabling partial integ...

5 CVSS · 7.1 AI score · 0.02702 EPSS
Exploits 1 · References 6 · Affected Software 1

UbuntuCve
added 2006/07/06 8:5 p.m. · 26 views

CVE-2006-3360

Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists...

5 CVSS · 6 AI score · 0.05369 EPSS
Exploits 1 · References 1

Positive Technologies
added 2006/07/06 12:0 a.m. · 4 views

PT-2006-4252 · Phpsysinfo · Phpsysinfo

Name of the Vulnerable Software and Affected Versions: phpSysInfo versions 2.5.1 through 3.2.4. Description: The issue allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter. This will display a different...

5 CVSS · 6.6 AI score · 0.05369 EPSS
Exploits 1 · References 19

Exploit DB
added 2006/07/06 12:0 a.m. · 30 views

Microsoft Excel 2000/2003 (French) - Hlink Local Buffer Overflow

/ -/\NSRocket/- presents Microsoft Excel 2000 and 2003 exploit for WinXP SP2 french with shellcode source integrated Description: Microsoft Excel is prone to a remote code execution issue which may be triggered when a malformed Excel document is opened. The issue is due to an error in Excel while...

7.4 AI score
Exploits 0