1151 matches found

OSV
added 2017/03/14 10:59 p.m. | 2 views

CVE-2016-8005

File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension...

CVSS 6.5 | AI score 5.8 | EPSS 0.00719
Exploits: 0 | References: 1
Prion
added 2017/03/14 10:59 p.m. | 16 views

Design/Logic Flaw

File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension...

CVSS 4 | AI score 6.9 | EPSS 0.00719
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2017/03/14 10:59 p.m. | 15 views

Directory traversal

A directory traversal vulnerability in the web application in McAfee (now Intel Security) SaaS Control Console (SCC) Platform 6.14 before patch 1070, and 6.15 before patch 1076 allows unauthenticated users to view contents of arbitrary system files that did not have file system level read access...

CVSS 5 | AI score 7.2 | EPSS 0.01767
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2017/03/14 10:00 p.m. | 45 views

CVE-2016-8005

CVE-2016-8005 is a file-extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) prior to 7.6.404h1128596. An attacker can bypass proper filename detection by forging a filename with a null byte in the extension, as described in NVD and related OpenVAS entries. Affected produ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00719
Exploits: 0 | References: 1 | Affected Software: 1
0day.today
added 2017/01/23 12:00 a.m. | 25 views

PHP 7.1.0 / 5.6.29 missing null byte checks for paths in ZipArchive::extractTo Vulnerability

Exploit for php platform in category dos / poc. Description: ZipArchive::extractTo doesn’t ensure that pathnames lack NULL byte, which might allow attacker to manipulate the directory path. Affected method: static ZIPARCHIVE_METHOD(extractTo)...

AI score 7
Exploits: 0
0day.today
added 2017/01/23 12:00 a.m. | 23 views

PHP 7.1.0 / 5.6.29 missing null byte checks for paths in curl_file_create() Vulnerability

Exploit for php platform in category dos / poc. Description: Missing null byte checks for paths in curlfile_ctor. curl_file_create doesn’t ensure that pathnames lack NULL byte, which might allow attacker to manipulate the upload file name and path. Affected code:...

AI score 7
Exploits: 0
0day.today
added 2017/01/23 12:00 a.m. | 19 views

PHP 7.1.0 / 5.6.29 missing null byte checks for paths in exif_imagetype Vulnerability

Exploit for php platform in category dos / poc. Description: exif_imagetype doesn’t ensure that pathnames lack NULL byte, which might allow attacker to manipulate the file path. Affected code: PHP_FUNCTION(exif_imagetype) { char *imagefile; size...

AI score 7.4
Exploits: 0
Veracode
added 2016/12/12 7:51 a.m. | 9 views

Null Byte Corruption

bson is vulnerable to null byte corruptions. A malicious user can insert a null byte into a cstring when encoding, terminating the string prematurely. This can lead to security issues such as buffer overflows...

AI score 6.8
Exploits: 0
OSV
added 2016/12/11 2:59 a.m. | 1 views

ALPINE-CVE-2016-9849

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

CVSS 9.8 | AI score 7 | EPSS 0.01964
Exploits: 0 | References: 1
OSV
added 2016/12/11 2:59 a.m. | 0 views

DEBIAN-CVE-2016-9849

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

CVSS 9.8 | AI score 9.3 | EPSS 0.01964
Exploits: 0 | References: 1
OSV
added 2016/12/11 2:59 a.m. | 24 views

CVE-2016-9849

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

CVSS 9.8 | AI score 6.9
Exploits: 0 | References: 4
UbuntuCve
added 2016/12/11 2:59 a.m. | 17 views

CVE-2016-9849

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

CVSS 9.8 | AI score 7.2 | EPSS 0.01964
Exploits: 0 | References: 3
OSV
added 2016/12/11 2:59 a.m. | 1 views

UBUNTU-CVE-2016-9849

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

CVSS 9.8 | AI score 7.3 | EPSS 0.01964
Exploits: 0 | References: 4
Prion
added 2016/12/11 2:59 a.m. | 15 views

Design/Logic Flaw

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

CVSS 7.5 | AI score 6.8 | EPSS 0.01964
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2016/12/11 2:00 a.m. | 26 views

CVE-2016-9849

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

AI score 9.3 | EPSS 0.01964
Exploits: 0 | References: 4
CVE
added 2016/12/11 2:00 a.m. | 103 views

CVE-2016-9849

CVE-2016-9849 affects phpMyAdmin; the vulnerability lets an attacker bypass the AllowRoot restriction and deny rules for usernames by injecting a null byte into the username. Affected are all 4.6.x versions prior to 4.6.5, 4.4.x prior to 4.4.15.9, and 4.0.x prior to 4.0.10.18. Exploitation could ...

CVSS 9.8 | AI score 9.2 | EPSS 0.01964
Exploits: 0 | References: 4 | Affected Software: 1
Debian CVE
added 2016/12/11 2:00 a.m. | 24 views

CVE-2016-9849

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

CVSS 9.8 | AI score 9.5 | EPSS 0.01964
Exploits: 0
AlpineLinux
added 2016/12/11 2:00 a.m. | 21 views

CVE-2016-9849

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

CVSS 9.8 | AI score 9.4 | EPSS 0.01964
Exploits: 0
phpMyAdmin
added 2016/11/25 12:00 a.m. | 40 views

Username deny rules bypass (AllowRoot & Others) by using Null Byte

PMASA-2016-60. Announcement-ID: PMASA-2016-60. Date: 2016-11-25. Updated: 2016-12-06. Summary: Username deny rules bypass (AllowRoot & Others) by using Null Byte. Description: It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the...

CVSS 9.8 | AI score 7.2 | EPSS 0.01964
Exploits: 0 | Affected Software: 1
RedHat Linux
added 2016/11/15 11:40 a.m. | 3 views

php: Invalid memory write in phar on filename containing \0 inside name

The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c...

CVSS 9.8 | AI score 7.6 | EPSS 0.05932
Exploits: 0 | References: 4