761 matches found
NaviCOPA Trailing Dot Source Code Disclosure
The version of the NaviCOPA web server software running on the remote host returns the source of scripts hosted on it if the URL ends in a dot '.'. A remote attacker can leverage this issue to view the source code of CGIs and possibly obtain passwords and other sensitive information from this hos...
CRLF injection
CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established...
CVE-2007-6514
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive...
CVE-2007-6437
Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference...
CVE-2002-2351
Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot)...
CVE-2003-1408
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot...
Spoofing of URI possible in Konqueror's address bar
konqueror/konqcombo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed...
CVE-2007-3946
mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header...
DEBIAN-CVE-2007-3949
mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings...
CVE-2007-3819
Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed...
Design/Logic Flaw
Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed...
CVE-2007-3819
Opera 9.21 is affected by CVE-2007-3819: a vulnerability that lets remote attackers spoof the data: URI scheme in the address bar by providing a long URI with trailing whitespace, which prevents the initial part of the URI from being displayed. This can enable spoofing of the targeted site in the...
Code injection
Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20)...
security flaw
Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions...
SOL7009 - Statement on ACL bypass using trailing NULL byte - MNIN/NNL Advisory
A January 2007 security advisory describes several security issues present in some versions of FirePass software. One section in the document, titled ACL Filter bypass with URL de-normalization, states that Portal Access ACL filters can be bypassed if a user appends a trailing NULL byte after the...
Directory traversal
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name...
CVE-2007-0187
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name...
libksba DoS
DoS on parsing X.509 certificate with trailing information...