SUSE CVE-2006-6383

PHP 5.2.0 and 4.4 allows local users to bypass safemode and openbasedir restrictions via a malicious path and a null byte before a ";" in a sessionsavepath argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.savepath...

SUSE CVE-2007-0981

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname location.hostname DOM property, due to...

SUSE CVE-2007-1717

The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ '\0' byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases...

SUSE CVE-2007-4850

curl/interface.c in the cURL library aka libcurl in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safemode and openbasedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563...

SUSE CVE-2008-1284

Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name...

SUSE CVE-2008-4326

The PMAescapeJsString function in libraries/jsescape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting XSS protection mechanisms and conduct XSS attacks via a NUL byte inside a "/script" sequence...

SUSE CVE-2008-6592

thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" aka flat and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cachedir parameter containing a %00 encoded null by...

SUSE CVE-2009-2666

socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...

SUSE CVE-2009-2700

src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a...

SUSE CVE-2009-3767

libraries/libldap/tlso.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers vi...

SUSE CVE-2009-4034

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which 1 allows man-in-the-middle...

SUSE CVE-2012-1502

Double free vulnerability in the PyPAMconv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a NULL byte in a password string...

SUSE CVE-2013-2185

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar iss...

SUSE CVE-2013-2186

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

SUSE CVE-2013-4073

The OpenSSL::SSL.verifycertificateidentity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...

SUSE CVE-2013-4248

The opensslx509parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL...

SUSE CVE-2014-3504

The 1 serfsslcertissuer, 2 serfsslcertsubject, and 3 serfsslcertcertificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof...

SUSE CVE-2014-9043

The userldap aka LDAP user and group backend application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind...

SUSE CVE-2015-2348

The moveuploadedfile implementation in ext/standard/basicfunctions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected...

SUSE CVE-2015-3008

Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain nam...