1151 matches found
php: missing null byte checks for paths in various PHP extensions
It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...
php: move_uploaded_file() NUL byte injection in file name
It was found that PHP moveuploadedfile function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...
Mandriva Linux Security Advisory : asterisk (MDVSA-2015:206)
Updated asterisk packages fix security vulnerability : When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null...
Asterisk TLS Certificate Common Name NULL Byte Vulnerability (AST-2015-003)
According to its SIP banner, the version of Asterisk running on the remote host is potentially affected by flaw related to certificate validation when registering a SIP TLS device due to not properly verifying a server hostname against an X.509 Common Name CN field that has a NULL byte appended...
DEBIAN-CVE-2015-3008
Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain nam...
UBUNTU-CVE-2015-3008
Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain nam...
FreeBSD : asterisk -- TLS Certificate Common name NULL byte exploit (5fee3f02-de37-11e4-b7c3-001999f8d30b)
The Asterisk project reports : When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion o...
asterisk -- TLS Certificate Common name NULL byte exploit
The Asterisk project reports: When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of...
PHP move_uploaded_file implementation securely bypasses file creation vulnerability
PHP is a popular programming language. The moveuploadedfile implementation in PHP ext/standard/basicfunctions.c fails to properly handle the \x00 character in pathnames, allowing remote attackers to bypass extension limits and create files using special parameters...
UBUNTU-CVE-2015-2348
The moveuploadedfile implementation in ext/standard/basicfunctions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected...
Fedora 21 : php-5.6.6-1.fc21 (2015-2315)
19 Feb 2015, PHP 5.6.6 Core : - Removed support for multi-line headers, as the are deprecated by RFC 7230. Stas - Fixed bug 67068 getClosure returns somethings that's not a closure. Danack at basereality dot com - Fixed bug 68942 Use after free vulnerability in unserialize with DateTimeZone...
CVE-2014-9043
The userldap aka LDAP user and group backend application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind...
Authentication flaw
The userldap aka LDAP user and group backend application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind...
[ MDVSA-2014:216 ] php-ZendFramework
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:216 http://www.mandriva.com/en/support/security/ Package : php-ZendFramework Date : November 20, 2014 Affected: Business Server 1.0 Problem Description: A vulnerability has been found and corrected in...
php: gd extension NUL byte injection in file names
It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions...
php: gd extension NUL byte injection in file names
It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions...
MGASA-2014-0434 Updated php-ZendFramework packages fix security vulnerabilities
Due to a bug in PHP's LDAP extension, when ZendFramework's Zendldap class is used for logins, an attacker can login as any user by using a null byte to bypass the empty password check and perform an unauthenticated LDAP bind CVE-2014-8088. The sqlsrv PHP extension, which provides the ability to...
Updated php-ZendFramework packages fix security vulnerabilities
Due to a bug in PHP's LDAP extension, when ZendFramework's Zendldap class is used for logins, an attacker can login as any user by using a null byte to bypass the empty password check and perform an unauthenticated LDAP bind CVE-2014-8088. The sqlsrv PHP extension, which provides the ability to...
PT-2020-7742 · Zend · Zend Framework
Name of the Vulnerable Software and Affected Versions: Zend Framework versions prior to 1.12.9 Zend Framework versions 2.2.x prior to 2.2.8 Zend Framework versions 2.3.x prior to 2.3.3 Description: The issue allows remote attackers to execute arbitrary SQL commands via a null byte when using the...
Fedora 20 : php-ZendFramework2-2.3.3-2.fc20 (2014-13302)
Security release - ZF2014-05, which mititages null byte poisoning of the password provided for LDAP authentication, thus prevening unauthorized LDAP binding. This corrects for unpatched versions of PHP versions 5.5.11 and below, 5.4.27 and below, and any prior releases. - ZF2014-06, which mitigat...