curl: FTP path trickery leads to NIL byte out of bounds write

It was found that libcurl did not safely parse FTP URLs when using the CURLOPTFTPFILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash or an unspecified behavior...

UBUNTU-CVE-2018-18585

chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character such as the "/\0" name...

ALPINE-CVE-2018-15501

In ngpkt in transports/smartpkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS...

CVE-2018-1000120

It was found that libcurl did not safely parse FTP URLs when using the CURLOPTFTPFILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash or an unspecified behavior. Mitigati...

javascript: url with a leading NULL byte can bypass cross origin protection.

javascript: url with a leading NULL byte can bypass cross origin protection. Well, it's not exactly StartsWith, but the same thing for all intents and purposes. In BindingDOMWindow::createWindow there's a call to protocolIsJavaScript, which is a thin wrapper over protocolIs, which is basically ju...

MikroTik RouterOS Multiple Vulnerabilities

MicroTik RouterOS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:mikrotik:routeros"; if...

Denial Of Service (DoS)

salt is vulnerable to denial of service DoS attacks. The attacks can be triggered when a malicious user sends an authentication request with payload containing an id with a null byte...

CVE-2017-15008

PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element...

Microsoft IIS UrlScan Module Bypass Vulnerability

Exploit for windows platform in category remote exploits Paper Title: Microsoft IIS UrlScan Module Bypass Software Link: https://www.iis.net/downloads/microsoft/urlscan Author: Steven Kaun Gh0st Contact: https://twitter.com/AngryMilks Website: https://gh0sthacks.blogspot.com/ Preface Identified...

DEBIAN-CVE-2015-5146

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service service crash via a NULL byte in a crafted configuration...

CVE-2015-5146

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service service crash via a NULL byte in a crafted configuration...

Legal Robot: Null Byte Injection in all fields of Profile

Hi Team, Null byte injection is possible in all the fields of Edit Profile functionality. Affected URL: https://app.legalrobot.com/account Description: Possible Injection of control characters, such as Null Byte 0x00, \000, \x00, \z, or the Unicode representation \u0000 into vulnerable fields in...

CVE-2017-1000052

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions...

CVE-2017-1000052

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions...

Sql injection

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions...

CVE-2017-1000052

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions...

CVE-2017-1000052

CVE-2017-1000052 affects Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2, where the Plug.Static component is vulnerable to a null byte injection that may allow bypassing filetype restrictions. The issue enables a local attacker to exploit the static file serving path, with impact described a...

WP Rocket <= 2.10.3 - Local File Inclusion (LFI)

Requires older versions of PHP that are vulnerable to null byte injection...

Remote Code Execution (RCE)

glassfish web-core is susceptible to remote code execution. It does not prevent NULL \0 byte injection in repository path of PartItem, allowing potential file manipulation via Java object deserialization. Moreover, it does not validate the existence of the NULL \0 byte when an older Java VM is...

onArcade 2.4.x Local File Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title: onArcade 2.4.x Local File Get Contents Vulnerability Google Dork: inurl:"cup.php?a=all" Date: 23 Mar 2017 Exploit Author: Deyaa Muhammad Author Mail: contact at deyaa.me Exploit Blog:...