1154 matches found
CVE-2025-66263 Unauthenticated Arbitrary File Read via Null Byte Injection
Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in downloadsetting.php allows reading arbitrary files...
CVE-2025-66263
The CVE-2025-66263 entry describes an unauthenticated arbitrary file read due to a null byte injection in the Mozart FM Transmitter’s download_setting.php. The PHP code appends a forced .tgz extension to user-supplied $_GET['filename'], and on PHP 5.3.2 (pre-5.3.4) the null byte (%00) terminates ...
PT-2025-48117
Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in download setting.php allows reading arbitrary files...
DB Electronica Mozart FM Transmitter 安全漏洞
The DB Electronica Mozart FM Transmitter is a line of professional-grade FM radio transmitters from the Italian company DB Electronica. A security vulnerability exists in DB Electronica Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000 that originates in...
📄 7-Zip 25.00 Zip Slip Directory Traversal
7-Zip version 25.00 suffers from a symlink directory traversal vulnerability. This write up provides analysis with a proof of concept. ============================================================================================================================================= | Title : 7-Zip 25.0...
Improper Input Validation
@nubosoftware/node-static is vulnerable to improper input validation.The vulnerability is due to the package failing to handle null-byte %00 input correctly, which allows an attacker to trigger an exception and crash the server...
OESA-2025-2686 python-ldap security update
python-ldap: python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP 2.x libs for that purpose. Additionally the package contains modules for other LDAP-related stuff e.g. processing LDIF, LDAPURLs, LDAPv3 schema, LDAPv3...
OESA-2025-2685 python-ldap security update
python-ldap: python-ldap provides an object-oriented API to access LDAP directory servers from Python programs. Mainly it wraps the OpenLDAP 2.x libs for that purpose. Additionally the package contains modules for other LDAP-related stuff e.g. processing LDIF, LDAPURLs, LDAPv3 schema, LDAPv3...
kernel: team: better TEAM_OPTION_TYPE_STRING validation
In the Linux kernel, the following vulnerability has been resolved: team: better TEAMOPTIONTYPESTRING validation syzbot reported following splat 1 Make sure user-provided data contains one nul byte. 1 BUG: KMSAN: uninit-value in stringnocheck lib/vsprintf.c:633 inline BUG: KMSAN: uninit-value in...
Improper Neutralization of Null Byte or NUL Character
Overview Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character in the LZ4FcreateCDictadvanced function, when processing LZ4 frames. An attacker can cause an application to crash or trigger unintended behavior by submitting specially crafted LZ4...
USN-7828-1 python-ldap vulnerabilities
It was discovered that Python LDAP incorrectly handled special characters in the special character filtering function. A remote attacker could possibly use this issue to perform LDAP injection attacks. CVE-2025-61911 Arad Inbar discovered that Python LDAP incorrectly escaped NUL character bytes. ...
Improper Encoding or Escaping of Output
Overview python-ldap is a Python modules for implementing LDAP clients Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the escapednchars function. An attacker can cause client-side failures, such as unhandled exceptions or process crashes, by...
CVE-2025-61912 python-ldap Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination
python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, ldap.dn.escapednchars escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to...
CVE-2025-61912
CVE-2025-61912 concerns python-ldap prior to 3.4.5, where ldap.dn.escape_dn_chars() escapes the NUL byte as a backslash-NUL instead of the RFC‑4514 form \00. This can cause client-side denial of service when untrusted input is used to construct DNs, as requests may be dropped before contacting an...
Linux Distros Unpatched Vulnerability : CVE-2025-11149
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects all versions of the package node-static; all versions of the package @nubosoftware/node- static. The package fails to catch an exception when user...
Linux Distros Unpatched Vulnerability : CVE-2025-61985
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. CVE-2025-61985 Note th...
SUSE CVE-2025-61985
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...
EUVD-2012-2234
Malware in sbrugna...
EUVD-2005-2539
Malware in sbrugna...
EUVD-2008-7027
Malware in sbrugna...