313 matches found

Veracode
added 2019/10/24 12:22 a.m. · 19 views

Cross-Site Scripting (XSS)

Firefox is vulnerable to cross-site scripting (XSS). Failure to correctly handle null bytes when processing HTML entities results in incorrect parsing of these entities, leading to HTML comment text being treated as HTML, which could result in an XSS in a web application under certain conditions...

CVSS 6.1 · AI score 0.2 · EPSS 0.00804
Exploits 0 · References 8 · Affected Software 5

CNVD
added 2019/10/24 12:0 a.m. · 1 view

Unspecified Vulnerability in Mozilla Firefox and Mozilla Firefox ESR (CNVD-2019-38480)

Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox web browser. A security vulnerability exists in Mozilla Firefox versions prior to 70 and...

CVSS 6.1 · AI score 8.7 · EPSS 0.00804
Exploits 0 · References 1

OSV
added 2019/10/23 12:0 a.m. · 1 view

UBUNTU-CVE-2019-11763

Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML...

CVSS 6.1 · AI score 6.9 · EPSS 0.00804
Exploits 0 · References 6

Node.js
added 2019/10/11 6:6 p.m. · 31 views

Denial of Service

Overview: All versions of node-static are vulnerable to a Denial of Service. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server. Recommendation: No fix is currently available. Consider using an alternativ...

AI score 6.8
Exploits 0 · Affected Software 1

RedHat Linux
added 2019/09/23 8:24 p.m. · 1 view

dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes

A flaw was found in dovecot. IMAP and ManageSieve protocol parsers do not properly handle the NULL byte when scanning data in quoted strings which leads to an out of bounds heap memory write. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

CVSS 9.8 · AI score 5.7 · EPSS 0.38348
Exploits 1 · References 5

RedHat Linux
added 2019/09/20 10:29 a.m. · 2 views

dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes

A flaw was found in dovecot. IMAP and ManageSieve protocol parsers do not properly handle the NULL byte when scanning data in quoted strings which leads to an out of bounds heap memory write. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

CVSS 9.8 · AI score 5.7 · EPSS 0.38348
Exploits 1 · References 5

Tenable Nessus
added 2019/08/30 12:0 a.m. · 44 views

CentOS 7 : libmspack (CESA-2019:2049)

An update for libmspack is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 6.5 · AI score 6.6 · EPSS 0.05833
Exploits 1 · References 3

OSV
added 2019/08/29 2:15 p.m. · 1 view

ALPINE-CVE-2019-11500

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 and Pigeonhole before 0.5.7.2, protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution...

CVSS 9.8 · AI score 8.1 · EPSS 0.38348
Exploits 1 · References 1

RedHat Linux
added 2019/08/06 1:56 p.m. · 4 views

libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character such as the "/\0" name...

CVSS 4.3 · AI score 7.4 · EPSS 0.01307
Exploits 1 · References 4

RedHat Linux
added 2019/08/06 12:40 p.m. · 3 views

ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket

It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script...

CVSS 7.5 · AI score 7.3 · EPSS 0.01284
Exploits 0 · References 5

Check Point Advisories
added 2019/06/17 12:0 a.m. · 24 views

Rejetto HTTP File Server Remote Code Execution (CVE-2014-6287)

A remote code execution vulnerability exists in Rejetto HTTP File Server. This vulnerability is due to a regular expression that fails to handle null bytes. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to a target server...

CVSS 10 · AI score 1.3 · EPSS 0.94361
Exploits 23

Positive Technologies
added 2019/05/16 12:0 a.m. · 1 view

PT-2019-6811 · Chicken +1

Name of the Vulnerable Software and Affected Versions: Chicken versions prior to 4.8.0 Description: The issue arises from improper handling of NUL bytes in certain strings, allowing an attacker to conduct a "poisoned NUL byte attack." Recommendations: For versions prior to 4.8.0, update to versio...

CVSS 9.8 · AI score 7.7 · EPSS 0.03058
Exploits 0 · References 22

Tenable Nessus
added 2019/01/09 12:0 a.m. · 66 views

PHP 5.6.x < 5.6.9 Multiple Vulnerabilities

According to its banner, the version of PHP 5.6.x running on the remote web server is prior to 5.6.9. It is, therefore, affected by multiple vulnerabilities: - Multiple flaws exist related to using pathnames containing NULL bytes. A remote attacker can exploit these flaws, by combining the '\0'...

CVSS 7.5 · AI score 9.7 · EPSS 0.69613
Exploits 6 · References 7

Veracode
added 2018/11/14 1:4 a.m. · 19 views

Information Disclosure

Apache Tomcat HTTP/1.1 connector is vulnerable to information disclosure. A lack of validation in the URL allows remote attackers to inject NULL bytes and retrieve confidential information through reading of JSP source files when allowLinking is configured...

CVSS 7.8 · AI score 7.1 · EPSS 0.00953
Exploits 0 · References 7 · Affected Software 3

Hacker One
added 2018/04/08 4:15 p.m. · 16 views

Greenhouse.io: Cache poisoning using NULL bytes and long URLs

This is related to a previous report I made https://hackerone.com/reports/326639. The same endpoint https://boards.greenhouse.io/embed/jobboard/js?for= is still vulnerable to arbitrary string injection, by terminating the customer key in the for parameter with a URL-encoded NULL byte i.e. %00,...

AI score 0.5
Exploits 0

0day.today
added 2018/01/12 12:0 a.m. · 42 views

Android/ARM - Reverse TCP /system/bin/sh Shell (10.0.2.2:0x3412/TCP) Shellcode (79 bytes)

/ This ARM Thumb sc connects to a given IP and port with a shell. Intended for use with Android hence /system/bin/sh. Connects to the provided IP and port with a shell no null bytes in the code, but does this really matter these days? it could be fixed with just a few instructions. Released to th...

AI score 7.4
Exploits 0

OSV
added 2017/12/28 10:52 p.m. · 24 views

GHSA-PM9P-9926-W68M Denial of Service in ecstatic

ecstatic, a simple static file server middleware, is vulnerable to denial of service. If a payload with a large number of null bytes (%00) is provided by an attacker, it can crash ecstatic by running it out of memory. Results from the original advisory: A payload of 22kB caused a lag of 1 second, A...

CVSS 7.5 · AI score 7.4 · EPSS 0.01523
Exploits 1 · References 8

Node.js
added 2017/12/13 9:56 p.m. · 56 views

Denial of Service

Overview: ecstatic, a simple static file server middleware, is vulnerable to denial of service. If a payload with a large number of null bytes (%00) is provided by an attacker, it can crash ecstatic by running it out of memory. Results from the original advisory: A payload of 22kB caused a lag of 1...

CVSS 7.8 · AI score 1.1 · EPSS 0.01523
Exploits 1 · Affected Software 1

OSV
added 2017/12/13 4:29 p.m. · 2 views

CVE-2017-17537

MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS...

CVSS 7.5 · AI score 5.8 · EPSS 0.017
Exploits 0 · References 1

Veracode
added 2017/07/26 2:57 a.m. · 22 views

SQL Injection

zendframework/zendframework1 is vulnerable to SQL injection. The PDO adapters do not filter null bytes from SQL statements, allowing attackers to leverage this flaw to inject and execute SQL queries...

CVSS 9.8 · AI score 9.7 · EPSS 0.02248
Exploits 0 · References 2 · Affected Software 1