Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2018-1203)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Denial Of Service (DoS)

GPAC4iOS is vulnerable to denial of service DoS. The vulnerability exists because it does not properly handle NULL byte in cfg object in the function AVCDuplicateConfig at avcext.c before the assigning cfgnew-AVCLevelIndication = cfg-AVCLevelIndication;, resulting in a null pointer dereference an...

DEBIAN-CVE-2019-11763

Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML...

CVE-2018-8780

It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script. Mitigation It is possible to test for presence of the NULL byte manually...

CVE-2019-11045

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

CVE-2019-11044

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

PT-2019-5046 · Php +1 · Php +1

Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.25 PHP versions 7.3.x through 7.3.12 PHP version 7.4.0 Description: The issue is related to the link function in PHP, which accepts filenames with embedded 0 byte and treats them as terminating at that byte. Thi...

PT-2019-4727 · Php +7 · Php +7

Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.25 PHP versions 7.3.x through 7.3.12 PHP version 7.4.0 Description: The issue arises from the PHP DirectoryIterator class accepting filenames with embedded 0 byte and treating them as terminating at that byte...

Heap overflow

An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K...

CVE-2019-11936

Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1...

UBUNTU-CVE-2019-19330

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return CR, ASCII 0xd, line feed LF, ASCII 0xa, and the zero character NUL, ASCII 0x0, aka Intermediary Encapsulation Attacks...

DEBIAN-CVE-2012-6123

Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack."...

Virtuozzo 7 : dovecot / dovecot-devel / dovecot-mysql / etc (VZLSA-2019-2836)

An update for dovecot is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

NETGEAR AC1200 mini_httpd Poison Null Byte Authentication Bypass Vulnerability

The NETGEAR AC1200 is a wireless router from NETGEAR. A security vulnerability exists in the path string handling process in the NETGEAR AC1200. An attacker could exploit the vulnerability to bypass authentication on the system...

CVE-2019-11500

A flaw was found in dovecot. IMAP and ManageSieve protocol parsers do not properly handle the NULL byte when scanning data in quoted strings which leads to an out of bounds heap memory write. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

U.S. Dept Of Defense: Null byte Injection in https://████/

Description: Microsoft .NET Framework is prone to multiple NULL-byte injection vulnerabilities because it fails to adequately sanitize user-supplied data. Vulnerable URL: https://████/%2F%20This%20website%20is%20vulnerable%20to%20NULL%20BYTE%20INJECTION/ Steps to Reproduce: 1 An attacker can...

CVE-2008-1284

Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name...

Important: Red Hat Security Advisory: dovecot security update

An update for dovecot is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes

A flaw was found in dovecot. IMAP and ManageSieve protocol parsers do not properly handle the NULL byte when scanning data in quoted strings which leads to an out of bounds heap memory write. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Byte Free Shellcode (107 Bytes)

/ ; name : Exploit Title: Linux/x86 - TCP reverse shell 127.0.0.1 nullbyte free ; author : Sandro "guly" Zaccarini ; twitter : @theguly ; blog : https://gulyslae.github.io/ ; SLAE32 : SLAE-1037 ; purpose : the program will create a new connection to 127.0.0.1:4444 and spawns a shell ; this code h...