
9 matches found

NVD
added 2024/10/07 8:15 p.m. | 17 views

CVE-2024-45293

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel XLS...

CVSS 7.5 | EPSS 0.71632
Exploits: 1 | References: 1
Veracode
added 2023/12/12 5:15 p.m. | 9 views

Server Side Request Forgery

nuxt-api-party is vulnerable to Cross-Site Request Forgery. The vulnerability exists due to a faulty regular expression which does not take white spaces into account during validation within server.ts, allowing an attacker to execute requests bypassing the whitelist, leading to unauthorized access...

CVSS 7.5 | AI score 7.2 | EPSS 0.01441
Exploits: 1 | References: 6 | Affected Software: 1
Veracode
added 2019/09/27 8:45 a.m. | 34 views

HTTP Request Smuggling

Netty is vulnerable to HTTP request smuggling. The attack is possible because it fails to correctly handle white spaces in HTTP header names...

CVSS 7.5 | AI score 0.5 | EPSS 0.15334
Exploits: 1 | References: 146 | Affected Software: 3
Tenable Nessus
added 2014/11/04 12:00 a.m. | 38 views

Scientific Linux Security Update : file on SL6.x i386/x86_64 (20141014)

Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. CVE-2014-0237, CVE-2014-0238, CVE-2014-3479,...

CVSS 6.5 | AI score 7.7 | EPSS 0.30772
Exploits: 2 | References: 8
RedHat Linux
added 2014/10/13 9:39 p.m. | 64 views

Moderate: Red Hat Security Advisory: file security and bug fix update

Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings,...

CVSS 6.5 | AI score 7.1 | EPSS 0.30772
Exploits: 2 | References: 15
myhack58
added 2014/09/25 12:00 a.m. | 34 views

Mango cloud KODExplorer design flaws lead to arbitrary code execution

http://www.wooyun.org/bugs/wooyun-2014-066056 About the content: http://www.kalcaddle.com The test account permissions: default. The problem is in the renaming. I upload a .php file and it is not executed. OK, then change the suffix to .ph. After a successful upload, rename .php, the prompt says no limit. Well, rename .php, rename ...

AI score 7.3
Exploits: 0
Prion
added 2012/07/22 5:55 p.m. | 19 views

Stack overflow

Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file...

CVSS 4.6 | AI score 8 | EPSS 0.00158
Exploits: 0 | References: 6 | Affected Software: 1
UbuntuCve
added 2011/10/24 12:00 a.m. | 23 views

CVE-2011-3148

Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.pam_environment file...

CVSS 4.6 | AI score 6.8 | EPSS 0.00158
Exploits: 0 | References: 2
FreeBSD
added 2007/09/14 12:00 a.m. | 28 views

konqueror -- address bar spoofing

The KDE development team reports: The Konqueror address bar is vulnerable to spoofing attacks that are based on embedding white spaces in the URL. In addition the address bar could be tricked to show a URL which it is intending to visit for a short amount of time instead of the current URL...

CVSS 6.8 | AI score 6.3 | EPSS 0.03221
Exploits: 0 | References: 1