29 matches found
CVE-2021-3131
The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter...
Avaya IP Office 11 Insecure Transit / Password Disclosure
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AVAYA-IP-OFFICE-INSECURE-TRANSIT-PASSWORD-DISCLOSURE.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.avaya.com Product Avaya IP Office v9.1.8.0 - 11 IP Office...
CVE-2017-13719
The Amcrest IPM-721S AmcrestIPC-AWXXEngNV2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management interface that is provided by the application. This HTTP API receives the credentials as base64 encod...
Stack overflow
The Amcrest IPM-721S AmcrestIPC-AWXXEngNV2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management interface that is provided by the application. This HTTP API receives the credentials as base64 encod...
CVE-2016-10719
TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password...
D-Link myDlink Baby App Information Disclosure Vulnerability
D-Link myDlink Baby App is an application from AUO D-Link for managing and controlling D-Link baby monitors. The information disclosure vulnerability in the D-Link myDlink Baby App version 2.04.06 arises from the fact that when an operation is performed using the app e.g., modifying the camera...
PT-2018-3886 · D Link · D-Link 825L +1
Name of the Vulnerable Software and Affected Versions: D-Link myDlink Baby App version 2.04.06 D-Link 825L firmware 1.08 Description: The issue concerns the communication between the myDlink Baby App and the D-Link 825L Wi-Fi camera, where credentials, including username and password, are sent in...
IBM Tivoli Endpoint 4.1.1 - Remote SYSTEM Exploit
No description provided by source. !/usr/bin/python tiv-sys.py IBM Tivoli Endpoint 4.1.1 Remote SYSTEM Exploit Jeremy Brown 0xjbrown41-gmail-com June 2011 Discovered by: Brian Adeloye of Tenable Network Security This exploit makes use of two vulnerabilities: 1 Base64 authentication credentials...
Network Shutdown Module 3.21 Remote PHP Code Injection
This Metasploit module exploits a vulnerability in lib/dbtools.inc which uses unsanitized user input inside a eval call. Additionally the base64 encoded user credentials are extracted from the database of the application. Please note that in order to be able to steal credentials, the vulnerable...