null terminated software vulnerabilities
vulnerabilities.aspcode.net
Searching null terminated software vulnerabilities
Webconfig, IMAP, and other services in MDaemon
Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier allow remote attackers to cause a denial of service via a long URL terminated by a "\r\n" string.
Vulnerability in RFC822 address parser in mutt
Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.
Bitvise WinSSHD before 2002-03-16 allows remote
Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of incomplete connections that are not properly terminated, which are not properly freed by SSHd.
Multiple SSH2 servers and clients do not proper
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.
GoAhead Web Server 2.1.7 and earlier allows rem
GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.
Directory traversal vulnerability in function_f
Directory traversal vulnerability in function_foot_1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences terminated by a null character in the $designNo variable, which is part of an "include" function call.
Memory leak in eServ 2.9x allows remote attacke
Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated.
saned in sane-backends 1.0.7 and earlier, when
saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).
statd in nfs-utils 1.257 and earlier does not i
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.
The binfmt_elf loader (binfmt_elf.c) in Linux k
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.
Heap-based buffer overflow in MSG_UnEscapeSearc
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.
Directory traversal vulnerability in pdesk.cgi
Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs.
Sophos Anti-Virus 3.78 allows remote attackers
Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated.
Carsten's 3D Engine (Ca3DE), March 2004 version
Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via text strings that are not null terminated, which triggers a null dereference.
The WideCharToMultiByte function in Microsoft W
The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
Directory traversal vulnerability in index.php
Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote attackers to read arbitrary files via ".." sequences terminated by a %00 (null) character in the n parameter.
admin/cron.php in eSyndicat Directory 1.2, when
admin/cron.php in eSyndicat Directory 1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the path_to_config parameter.
Verity Ultraseek before 5.7 allows remote attac
Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null ("%00") terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html, (3) help/footer.html, (4) spell.html, (5) coreforma.html, (6) daterange.html, (7) hits.html, (8) hitsnavbottom.html, (9) indexform.html, (10) indexforma.html, (11) languages.html, (12) nohits.html, (13) onehit1.html, (14) onehit2.html, (15) query.html, (16) queryform0.html, (17) queryform0a.html, (18) queryform1.html, (19) queryform1a.html, (20) queryform2.html, (21) queryform2a.html, (22) quicklinks.html, (23) relatedtopics.html, (24) signin.html, (25) subtopics.html, (26) thesaurus.html, (27) topics.html, (28) hitspagebar.html, (29) highlight/highlight.html, (30) highlight/highlight_one.html, and (31) highlight/topnav.html, which leaks the installation path in the resulting error message.
Multiple buffer overflows in Sophos Anti-Virus
Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calculation, and (2) a CPIO archive, with a long filename that is not null-terminated, which triggers a stack-based overflow in veex.dll.
Off-by-one error in ICC profile chunk handling
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated.
Software vulnerabilities results 1 to 20 of 436