
1151 matches found

Github Security Blog
added 2022/05/17 12:28 a.m. · 19 views

Zend Access Restriction Bypass

The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind...

CVSS 5 · AI score 7.3 · EPSS 0.02495
Exploits 0 · References 13 · Affected Software 2

RedHat Linux
added 2022/05/10 2:14 p.m. · 2 views

flatpak: Permissions granted to applications can be hidden from the user at install time

An incorrect authorization vulnerability was found in Flatpak. Flatpak does not properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime in the case that there's a null byte in the metadata file of an app...

CVSS 8.6 · AI score 5.7 · EPSS 0.01346
Exploits 0 · References 5

CNVD
added 2022/04/27 12:0 a.m. · 24 views

WordPress plugin Admin Word Count Column arbitrary file reading vulnerability

WordPress is a blogging platform developed using the PHP language. A WordPress plugin is an application plug-in. PHP is a scripting language that executes on the server side. An arbitrary file reading vulnerability exists in WordPress plugin Admin Word Count Column 2.2 and earlier versions, which...

CVSS 9.8 · AI score 2.3 · EPSS 0.22133
Exploits 2 · References 1

NVD
added 2022/04/25 4:16 p.m. · 35 views

CVE-2022-1390

The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on a server running an old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a...

CVSS 9.8 · EPSS 0.22133
Exploits 2 · References 2

Prion
added 2022/04/25 4:16 p.m. · 23 views

Deserialization of untrusted data

The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on a server running an old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a...

CVSS 7.5 · AI score 9.4 · EPSS 0.22133
Exploits 2 · References 2 · Affected Software 1

CVE
added 2022/04/25 3:51 p.m. · 103 views

CVE-2022-1390

CVE-2022-1390 affects the WordPress plugin Admin Word Count Column (versions

CVSS 9.8 · AI score 9.6 · EPSS 0.22133
In wild · Exploits 2 · References 2 · Affected Software 1

BDU FSTEC
added 2022/04/25 12:0 a.m. · 1 views

The vulnerability relates to the implementation of `pcntl_exec` in the PHP programming language interpreter. It arises due to an error in processing paths to files containing the character `\x00`. This allows attackers to circumvent existing security restrictions and execute arbitrary code.

The vulnerability of implementing `pcntl_exec` in the PHP programming language is related to an error in processing paths to files containing the character \x00. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and execute arbitrary code...

CVSS 7.5 · AI score 7.8 · EPSS 0.1918
Exploits 1 · References 19 · Affected Software 4

BDU FSTEC
added 2022/04/25 12:0 a.m. · 4 views

The vulnerability of the PHP interpreter is related to an error in processing paths to files containing the character \x00. This error allows attackers to gain unauthorized access to files or directories.

The vulnerability of the PHP interpreter extension is related to an error in processing paths to files containing the character \x00. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to files or directories...

CVSS 7.5 · AI score 7.5 · EPSS 0.20233
Exploits 0 · References 17 · Affected Software 5

Github Security Blog
added 2022/04/12 9:20 p.m. · 21 views

Null Byte Injection in Plug.Static

Plug.Static is used for serving static assets, and is vulnerable to null byte injection. If file upload functionality is provided, this can allow users to bypass filetype restrictions. We recommend all applications that provide file upload functionality and serve those uploaded files locally with...

CVSS 7.8 · AI score 2.7 · EPSS 0.00423
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/04/12 9:20 p.m. · 21 views

GHSA-2Q6V-32MR-8P8X Null Byte Injection in Plug.Static

Plug.Static is used for serving static assets, and is vulnerable to null byte injection. If file upload functionality is provided, this can allow users to bypass filetype restrictions. We recommend all applications that provide file upload functionality and serve those uploaded files locally with...

CVSS 7.8 · AI score 7.9 · EPSS 0.00423
Exploits 0 · References 3

OSV
added 2022/04/09 9:20 p.m. · 7 views

MGASA-2022-0131 Updated flatpak packages fix security vulnerability

Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a null byte in the metadata file of an app. CVE-2021-43860 Path traversal vulnerability CVE-2022-21682 Vario...

CVSS 8.6 · AI score 8 · EPSS 0.01712
Exploits 0 · References 15

Mageia
added 2022/04/09 9:20 p.m. · 38 views

Updated flatpak packages fix security vulnerability

Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a null byte in the metadata file of an app. CVE-2021-43860 Path traversal vulnerability CVE-2022-21682 Vario...

CVSS 8.6 · AI score 2.9 · EPSS 0.01712
Exploits 0 · References 14

Positive Technologies
added 2022/04/04 12:0 a.m. · 3 views

PT-2022-16879 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions 0.3.1 and prior Description: The issue arises from the comparison of bytestrings, which can yield incorrect results due to the presence of dirty bytes or the lack of length comparison. Specifically, two bytestrings can compare ...

CVSS 7.5 · AI score 7.3 · EPSS 0.00942
Exploits 0 · References 9

0day.today
added 2022/03/29 12:0 a.m. · 234 views

WordPress admin-word-count-column 2.2 - Local File Read Vulnerability

Exploit Title: WordPress Plugin admin-word-count-column 2.2 - Local File Download Google Dork: inurl:/wp-content/plugins/admin-word-count-column/ Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/admin-word-count-column/ Version: 2.2 Contact me: h at...

AI score 7.4
Exploits 0

Packet Storm
added 2022/03/28 12:0 a.m. · 255 views

WordPress Admin Word Count Column 2.2 Local File Inclusion

Exploit Title: WordPress Plugin admin-word-count-column 2.2 - Local File Download Google Dork: inurl:/wp-content/plugins/admin-word-count-column/ Date: 27-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/admin-word-count-column/ Version: 2.2...

AI score 7.4
Exploits 0

WPVulnDB
added 2022/03/27 12:0 a.m. · 17 views

Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read

The plugin does not validate the path parameter given to readfile, which could allow unauthenticated attackers to read arbitrary files on a server running an old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique PoC...

CVSS 9.8 · AI score 2.1 · EPSS 0.22133
Exploits 2 · References 2 · Affected Software 1

OSV
added 2022/03/10 5:47 p.m. · 2 views

CVE-2022-25219

A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP...

CVSS 8.4 · AI score 5.8 · EPSS 0.00758
Exploits 1 · References 1

ATTACKERKB
added 2022/03/10 5:47 p.m. · 4 views

CVE-2022-25218

The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's...

CVSS 9.3 · AI score 7.3 · EPSS 0.00978
Exploits 2 · References 2

OSV
added 2022/03/10 5:47 p.m. · 3 views

CVE-2022-25218

The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's...

CVSS 8.1 · AI score 5.9 · EPSS 0.00978
Exploits 1 · References 1

ATTACKERKB
added 2022/03/10 5:47 p.m. · 2 views

CVE-2022-25219

A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP...

CVSS 9.3 · AI score 7.2 · EPSS 0.00978
Exploits 2 · References 2