1151 matches found
ZOOM Multiple Products Code Issue Vulnerability
ZOOM Zoom Call Recording is a scalable session recording management solution. ZOOM on-premise Meeting Connector is a meeting connector. Zoom On-Premise Meeting Connector Controller and others are products of Zoom USA. Zoom On-Premise Meeting Connector Controller is an on-premise meeting connector. ...
GHSA-8R4G-CG4M-X23C Denial of Service in node-static
All versions of node-static are vulnerable to a Denial of Service. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...
PT-2025-39959
Name of the Vulnerable Software and Affected Versions: node-static (affected versions not specified); @nubosoftware/node-static (affected versions not specified). Description: The software does not properly handle user input containing null bytes. This can allow attackers to access http://host/%00 and...
ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch?
A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw to make a Ruby...
mod_auth_digest possible stack overflow by one nul byte
...
Denial of Service (DoS)
Overview: node-static is an RFC 2616 compliant HTTP static-file server module, with built-in caching. Affected versions of this package are vulnerable to Denial of Service (DoS). The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%...
zeek -- Remote crash vulnerability
Jon Siwek of Corelight reports: Fix ASCII Input reader's treatment of input files containing null-bytes. An input file containing null-bytes could lead to a buffer-over-read, crash Zeek, and be exploited to cause Denial of Service...
CentOS 8 : dovecot (CESA-2019:2822)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:2822 advisory. - dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500). Note that Nessus has not tested for...
php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...
Logitech: One Click Account takeover using OAuth CSRF bypass by adding Null byte %00 in state parameter on www.streamlabs.com
Summary: Hello Team, I have found a bypass to this report. 1039749 Steps To Reproduce: 1. Login to attacker's account and go to settings -- account settings. 2. Intercept the request in Burp Suite and click on merge Twitch account. 3. Allow Twitch access and once you see a GET request in Burp...
Improper neutralization of null byte leads to read overrun
A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior...
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
...
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
...
ALPINE-CVE-2020-24240
GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug...
DEBIAN-CVE-2020-24240
GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug...
UBUNTU-CVE-2020-24240
GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug...
CVE-2020-14500 IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158
Secomea GateManager, all versions prior to 9.2c: an attacker can send a negative value and overwrite arbitrary data...
NULL Byte Injection
PHP7 is vulnerable to NULL byte injection. While using get_headers with user-supplied URL, if the URL contains null byte \0, the URL will be silently truncated. This causes certain software to make incorrect assumptions about the target of the get_headers and potentially send confidential informati...