1151 matches found
Type confusion
avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product...
CVE-2006-2530
avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product...
CVE-2006-2530
CVE-2006-2530 affects Avatar MOD 1.3 for Snitz Forums 3.4 (and possibly other versions). The issue arises in avatar_upload.asp where remote attackers can bypass file type checks and upload arbitrary files by inserting a null byte in the file name. This constitutes an input validation bypass in th...
Directory traversal
Directory traversal vulnerability in unblib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBCConfigsmileset parameter to...
CVE-2006-1821
Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter...
Directory traversal
DISPUTED: Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of...
PT-2006-1319 · Phpxplorer · Phpxplorer
Name of the Vulnerable Software and Affected Versions: phpXplorer version 0.9.33. Description: A directory traversal issue in workspaces.php allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. However, it is claimed that this...
CVE-2005-4600
Directory traversal vulnerability in tinymcegzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter...
DEBIAN-CVE-2005-4600
Directory traversal vulnerability in tinymcegzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter...
CVE-2005-4147
The TCLHTTPd service in Lyris ListManager before 8.9b allows remote attackers to obtain source code for arbitrary .tml (TCL) files via (1) a request with a trailing null byte (%00), which might also require (2) an authentication bypass step that involves a username with a trailing "@" character...
CVE-2004-2584
CVE-2004-2584 affects SmarterTools SmarterMail 1.6.1511 and 1.6.1529. The description specifies that frmAddfolder.aspx allows remote authenticated users to create a folder that SmarterMail cannot delete or rename when the folder name contains a null byte ("%00"). The underlying cause is a folder ...
Internet Explorer inline content filename extension vulnerability
Added: 11/25/2005. CVE: CVE-2001-0727. BID: 3578. OSVDB: 3033. Background: Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem: Using a null byte (%00) in the filename field found in the Content-Disposition header, a remote web server may be able to...
BadBlue invalid null byte vulnerability
It was possible to read the content of /EXT.INI BadBlue configuration file by sending an invalid GET request. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier...
eXtropia Web Store Remote File Retrieval Vulnerability - Active Check
eXtropia SPDX-FileCopyrightText: 2000 Thomas Reinke Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10532";...
CVE-2005-3404
CVE-2005-3404: ATutor versions 1.4.1–1.5.1-pl1 are affected by multiple PHP file inclusion vulnerabilities. An attacker can cause remote inclusion of arbitrary files via the section parameter (with a null byte %00) in body_header.inc.php and print.php. This corresponds to an arbitrary file inclu...
CVE-2005-2895
setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to obtain sensitive information via a %00 (null byte) in the u parameter, which reveals the path in an error message...
CVE-2005-2813
Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in index.php...
CVE-2002-1721
Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf to overwrite the FFGETFILE variable with a null byte...
CVE-2005-2008
Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null)...