hex encoded software vulnerabilities
vulnerabilities.aspcode.net
Searching hex encoded software vulnerabilities
Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent.
BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte.
DansGuardian before 2.4.5-1 allows remote attackers to bypass content filtering rules via hex-encoded URLs.
Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field.
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allow remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space (%20) and a '.' (%2e) at the end of the filename.
Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers to bypass Active Link Filtering via an instant message containing a URL with hex encoded file extensions.
Directory traversal vulnerability in ParaChat Server 5.5 allows remote attackers to read arbitrary files via a ..%5C (hex-encoded dot dot) in the URL.
The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing "%13%12%13".
SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php.
Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences.
DansGuardian 2.8 and earlier allows remote attackers to bypass the extension filtering rule via a hex encoded extension or . in the filename.
Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 allows remote attackers to read arbitrary files or list directories via hex-encoded "..//" sequences ("%2e%2e%2f%2f").
Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam 5.12 and earlier allows remote attackers to read arbitrary files via ".." sequences and (1) "/" (slash), (2) "\" (backslash), or (3) hex-encoded characters in the fn parameter.
PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters.
ProfitCode PayProCart 3.0 allows remote attackers to bypass authentication and gain administrative privileges to the admin control panel, as demonstrated via a direct request to adminshop/index.php with hex-encoded .. sequences in the ftoedit parameter.
HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter.
Directory traversal vulnerability in apexec.pl for Anaconda Foundation Directory allows remote attackers to read arbitrary files via hex-encoded null characters (%00) in the middle of ".." sequences in the template parameter.
Mercur Messaging 2005 SP2 allows remote attackers to read the source code of .ctml files via a URL with a trailing hex-encoded space ("%20").
Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download blocked files via hex-encoded characters in a filename, as demonstrated using "%2e".
Software vulnerabilities results 1 to 20 of 244