CVE-2021-45467

In CWP aka Control Web Panel or CentOS Web Panel before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/accountnewcreate&acc=guadaapi URI. Any number of %00...

Improper Neutralization of Null Byte or NUL Character

Overview std/syscall is a Go standard library package std/syscall Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character. Go Vulnerability Report: Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on...

CVE-2022-2778

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes...

CVE-2022-2778

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes...

Design/Logic Flaw

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes...

CVE-2022-2778

CVE-2022-2778 affects Octopus Deploy. The connected documents describe a vulnerability that allows bypassing login rate limiting by using null bytes, enabling potential repeated login attempts without proper throttling. The description consistently ties this to Octopus Deploy implementations and ...

CVE-2022-2778

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes...

PT-2022-18578 · Unknown · Octopus Deploy

Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows bypassing rate limiting on login using null bytes. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

Octopus Deploy 安全漏洞

Octopus Deploy is an automation tool for .NET, Java, and other application development and deployment from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy that stems from the ability to bypass login rate limits using null bytes...

ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch?

A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw to make a Ruby...

PT-2022-3811

Name of the Vulnerable Software and Affected Versions CentOS Web Panel versions prior to 0.9.8.1107 Description The issue is related to incorrect handling of code generation in CentOS Web Panel, allowing a remote attacker to execute arbitrary code using a specially crafted request. An...

Nim code issue vulnerability

Nim is a statically typed programming language from the Nim community. nim has a code issue vulnerability that can be exploited by attackers to bypass checks and launch SSRF attacks using null bytes...

RUSTSEC-2021-0123 Converting `NSString` to a String Truncates at Null Bytes

Methods of NSString for conversion to a string may return a partial result. Since they call CStr::fromptr on a pointer to the string buffer, the string is terminated at the first null byte, which might not be the end of the string. In addition to the vulnerable functions listed for this issue, th...

CVE-2021-41259

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Notes: None...

编号撤回

Nim is a statically typed programming language from the Nim community. nim has a code issue vulnerability that can be exploited by attackers to bypass checks and launch SSRF attacks using null bytes...

Denial of Service in node-static

All versions of node-static are vulnerable to a Denial of Service. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch?

A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw to make a Ruby...

Denial of Service (DoS)

Overview @nubosoftware/node-static is a simple, compliant file streaming module for node Affected versions of this package are vulnerable to Denial of Service DoS. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and cras...

GHSA-537H-RV9Q-VVPH Python-RSA decryption of ciphertext leads to DoS

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.

...