DansGuardian 2.8 and earlier allows remote attackers to bypass the extension filtering rule via a hex encoded extension or . in the filename.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Dansguardian | Daniel_barron | 2.2.4 (including) | 2.2.4 (including) |
Dansguardian | Daniel_barron | 2.2.5 (including) | 2.2.5 (including) |
Dansguardian | Daniel_barron | 2.2.6 (including) | 2.2.6 (including) |
Dansguardian | Daniel_barron | 2.2.7 (including) | 2.2.7 (including) |
Dansguardian | Daniel_barron | 2.2.7.1 (including) | 2.2.7.1 (including) |
Dansguardian | Daniel_barron | 2.2.8 (including) | 2.2.8 (including) |
Dansguardian | Daniel_barron | 2.2.9 (including) | 2.2.9 (including) |
Dansguardian | Daniel_barron | 2.2.9.1 (including) | 2.2.9.1 (including) |
Dansguardian | Daniel_barron | 2.2.10 (including) | 2.2.10 (including) |
Dansguardian | Daniel_barron | 2.4.5.1 (including) | 2.4.5.1 (including) |
Dansguardian | Daniel_barron | 2.6.1.5 (including) | 2.6.1.5 (including) |
Dansguardian | Daniel_barron | 2.7.3.1 (including) | 2.7.3.1 (including) |
Dansguardian | Daniel_barron | 2.8 (including) | 2.8 (including) |