Lucene search

11 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux – Vulnerability in Shadow

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (for example, adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file...

CVSS 3.3 | AI score 5.2 | EPSS 0.00428
Exploits: 1 | References: 2
CNNVD
added 2026/04/02 12:00 a.m. | 4 views

SEPPmail Secure Email Gateway Security Vulnerability

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities allowed attackers to use Unicode-like characters to bypass topic cleanin...

CVSS 7.8 | AI score 5.8 | EPSS 0.00212
Exploits: 0 | References: 1
EUVD
added 2026/03/02 6:42 p.m. | 6 views

EUVD-2025-208198

In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect Unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

CVSS 7.8 | AI score 6.1 | EPSS 0.0011
Exploits: 0 | References: 1
GithubExploit
added 2024/10/19 12:49 p.m. | 483 views

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Thephpleague Flysystem

CVE-2021-32708 Affected versions of this package are vulnerabl...

CVSS 9.8 | AI score 8.3 | EPSS 0.03486
Exploits: 2
Hacker One
added 2023/05/30 7:13 p.m. | 32 views

GitHub Security Lab: [Python] Add Unicode Bypass Validation query tests and help

Vulnerability description not provided...

AI score 7.1
Exploits: 0
Microsoft CVE
added 2023/04/24 7:00 a.m. | 3 views

In Shadow 4.13 it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g. adding a new user fails because \n is in the block list) it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words an adversary may be able to convince a system administrator to take the system offline (an indirect social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

...

CVSS 3.3 | AI score 6.8 | EPSS 0.00428
Exploits: 1
OSV
added 2018/02/21 6:29 p.m. | 4 views

CVE-2018-7289

An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after the conversion is done from Unicode to ANSI. This happens...

CVSS 3.3 | AI score 5.8
Exploits: 0 | References: 2
seebug.org
added 2014/07/01 12:00 a.m. | 15 views

Blade API Monitor Unicode Bypass (Serial Number BOF)

No description provided by source. #!/usr/bin/python -w Exploit: Blade API Monitor Unicode Bypass Serial Number BOF Author: b33f Ruben Boonen - http://www.fuzzysecurity.com http://www.fuzzysecurity.com/exploits/8.htm...

AI score 7.1
Exploits: 0
0day.today
added 2012/02/20 12:00 a.m. | 33 views

Blade API Monitor Unicode Bypass (Serial Number BOF)

Exploit for Windows platform in category local exploits #!/usr/bin/python -w Exploit: Blade API Monitor Unicode Bypass Serial Number BOF Author: b33f Ruben Boonen - http://www.fuzzysecurity.com...

AI score 6.8
Exploits: 0
Exploit DB
added 2012/02/20 12:00 a.m. | 30 views

Blade API Monitor - Unicode Bypass Serial Number Buffer Overflow

#!/usr/bin/python -w Exploit: Blade API Monitor Unicode Bypass Serial Number BOF Author: b33f Ruben Boonen - http://www.fuzzysecurity.com http://www.fuzzysecurity.com/exploits/8.html OS: WinXP PRO SP3 Software:...

AI score 7
Exploits: 0
securityvulns
added 2001/09/06 12:00 a.m. | 42 views

ISS Security Alert: Multiple Vendor IDS Unicode Bypass Vulnerability

Internet Security Systems Security Alert, September 5, 2001. Multiple Vendor IDS Unicode Bypass Vulnerability. Synopsis: ISS X-Force is aware of a vulnerability in many commercial and open-source IDS (Intrusion Detection System) products that may allow attackers to evade detection. Microsoft Web serv...

CVSS 7.5 | EPSS 0.0439
Exploits: 0