Lucene search
+L

64 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:18 a.m.4 views

SUSE CVE-2015-4026

The pcntlexec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument...

7.5CVSS7.9AI score0.1968EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2020/06/11 7:9 a.m.5 views

undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass

A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass...

8.1CVSS5.7AI score0.01584EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/05/11 8:19 p.m.5 views

undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass

A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass...

8.1CVSS5.7AI score0.01584EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/05/11 8:17 p.m.3 views

undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass

A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass...

8.1CVSS5.7AI score0.01584EPSS
Exploits0References4
CVE
CVE
added 2020/04/21 3:31 p.m.199 views

CVE-2020-1757

The connected Red Hat advisory RHSA-2024:5856 confirms CVE-2020-1757 in Undertow: servletPath normalization could truncate a path after a semicolon, enabling dangerous application mapping and a security bypass. Affected products/versions include Undertow-based components within Red Hat JBoss EAP ...

8.1CVSS7.7AI score0.01584EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2019/02/20 12:0 a.m.1 views

File inclusion vulnerability in BlueCMS us***.php9 page

BlueCMS is a free professional local portal system developed by open source combination PHP + MYSQL, focusing on local portal CMS. A file inclusion vulnerability exists in the BlueCMS us.php9 page. A remote attacker can construct a payload with the parameter $POST'pay' in the script and utilize t...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/03/08 12:0 a.m.20 views

Mozilla Firefox ESR < 45.8 Multiple Vulnerabilities

Binary data 9987.prm...

10CVSS7.7AI score0.17484EPSS
Exploits8References10
OSV
OSV
added 2015/06/09 12:0 a.m.5 views

UBUNTU-CVE-2015-4026

The pcntlexec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument...

7.5CVSS7.2AI score0.1968EPSS
Exploits1References3
OSV
OSV
added 2015/06/09 12:0 a.m.4 views

UBUNTU-CVE-2015-4025

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to 1...

7.5CVSS7.2AI score0.20233EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/04/09 12:0 a.m.61 views

openSUSE Security Update : php5 (openSUSE-2015-295)

PHP was updated to fix three security issues. The following vulnerabilities were fixed : - use-after-free vulnerability in the processnesteddata function CVE-2015-2787 bnc924972 - unserialize SoapClient type confusion bnc925109 - moveuploadedfile truncates a pathNAME upon encountering a x00...

7.5CVSS6.9AI score0.12219EPSS
Exploits7References5
NVD
NVD
added 2014/07/24 2:55 p.m.19 views

CVE-2014-5015

bozotic HTTP server aka bozohttpd before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path...

5CVSS9.5AI score0.01743EPSS
Exploits0References7
Prion
Prion
added 2014/07/24 2:55 p.m.21 views

Design/Logic Flaw

bozotic HTTP server aka bozohttpd before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path...

5CVSS7.4AI score0.01743EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2014/07/24 2:55 p.m.7 views

UBUNTU-CVE-2014-5015

bozotic HTTP server aka bozohttpd before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path...

5CVSS7.3AI score0.01743EPSS
Exploits0References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

Linux Kernel 2.2.x/2.3/2.4.x d_path() Path Truncation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4367/info The Linux kernel dpath function converts a dentry structure into an ASCII path name. The full path to the specified dentry is returned in a fixed length buffer of size PAGESIZE bytes. Reportedly, if a dentry...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

PHP 3/4/5 Multiple Local And Remote Vulnerabilities (2)

No description provided by source. source: http://www.securityfocus.com/bid/11964/info PHP4 and PHP5 are reported prone to multiple local and remote vulnerabilities that may lead to code execution within the context of the vulnerable process. The following specific issues are reported: A heap-bas...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

PHP 3/4/5 Multiple Local And Remote Vulnerabilities (1)

No description provided by source. source: http://www.securityfocus.com/bid/11964/info PHP4 and PHP5 are reported prone to multiple local and remote vulnerabilities that may lead to code execution within the context of the vulnerable process. The following specific issues are reported: A heap-bas...

7.1AI score
Exploits0
myhack58
myhack58
added 2010/06/27 12:0 a.m.338 views

DEDECMS website management system plus/carbuyaction. php local include vulnerability-vulnerability warning-the black bar safety net

DedeCms based on PHP+MySQL technology development, supporting Windows, Linux, Unix and other server platforms, from the 2 0 0 4 year began to publish the first version began, so far has released five large version. DedeCms in a simple, robust, flexible, open source several features occupied the...

7.3AI score
Exploits0
NVD
NVD
added 2005/01/10 5:0 a.m.20 views

CVE-2004-1064

The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute...

10CVSS6.3AI score0.03735EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2005/01/10 5:0 a.m.34 views

CVE-2004-1064

The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute...

10CVSS5.9AI score0.03735EPSS
Exploits0References3
exploitpack
exploitpack
added 2004/12/15 12:0 a.m.8 views

PHP 345 - Multiple LocalRemote Vulnerabilities (2)

PHP 345 - Multiple LocalRemote Vulnerabilities 2 source: https://www.securityfocus.com/bid/11964/info PHP4 and PHP5 are reported prone to multiple local and remote vulnerabilities that may lead to code execution within the context of the vulnerable process. The following specific issues are...

0.6AI score
Exploits0
Rows per page
Query Builder