124 matches found
INSTAR 2K+和INSTAR 4K 安全漏洞
INSTAR 2K+ and INSTAR 4K are both webcams from the German company INSTAR. A security vulnerability exists in INSTAR 2K+ and INSTAR 4K version 3.11.1 Build 1124, which originates from a buffer overflow due to manipulation of the Authorization parameter by the base64decode function of the fcgiserve...
SUSE SLES15 / openSUSE 15 Security Update : iperf (SUSE-SU-2025:02749-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02749-1 advisory. - update to 3.19.1: CVE-2025-54351: Fixed buffer overflow in net.c bsc1247522 CVE-2025-54350: Fixed Base64Decode assertion failu...
AZL-66057 CVE-2025-54350 affecting package iperf3 for versions less than 3.17.1-3
In iperf before 3.19.1, iperfauth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...
UBUNTU-CVE-2025-54350
In iperf before 3.19.1, iperfauth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...
SUSE CVE-2024-32664
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use...
reNgine 2.2.0 Command Injection
Exploit Title: reNgine 2.2.0 - Command Injection Authenticated Date: 2024-09-29 Exploit Author: Caner Tercan Vendor Homepage: https://rengine.wiki/ Software Link: https://github.com/yogeshojha/rengine Version: v2.2.0 Tested on: macOS POC : 1. Login the Rengine Platform 2. Click the Scan Engine 3...
CVE-2024-32664
CVE-2024-32664 affects Suricata before 7.0.5 and 6.0.19, where specially crafted traffic or datasets can cause a limited buffer overflow. The vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include avoiding rules with the base64_decode keyword (bytes option 1, 2, or 5) and, for 7.0.x, set...
CVE-2024-32664
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use...
Exploit for Path Traversal in Thinkphp
redtail While analyzing my daily access.log report, I noticed...
PT-2023-3751 · Tp Link · Tp-Link Ec-70
Name of the Vulnerable Software and Affected Versions: TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 Description: The issue is related to a buffer overflow in the tpsocket base64 decode function of the TP-Link EC-70 camera's firmware. This buffer overflow can be exploited by a remo...
Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing
!/usr/bin/python3 Exploit Title: Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing Shodan Dork: http.favicon.hash:-2145085239 http.title:"Tenda | LOGIN" Date: 09/03/2023 Exploit Author: @h454nsec Github: https://github.com/H454NSec/CVE-2020-35391 Vendor Homepage:...
SUSE CVE-2010-3711
libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purplebase64decode function, which allows remote authenticated users to cause a denial of service NULL pointer dereference and application crash via a crafted message, related to the plugins for MSN, MySpaceIM,...
SUSE CVE-2011-4362
Integer signedness error in the base64decode function in the HTTP authentication functionality httpauth.c in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service segmentation fault via crafted base64 input that triggers an out-of-bounds...
SUSE CVE-2012-3461
The 1 otrlbase64otrdecode function in src/b64.c; 2 otrlprotodatareadflags and 3 otrlprotoacceptdata functions in src/proto.c; and 4 decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a deni...
SUSE CVE-2014-9205
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data...
CVE-2021-46440
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...
Strapi 3.6.8 Password Disclosure / Insecure Handling Vulnerabilities
Exploit Title: Strapi " Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentation. Perform Base64 decoding and we got plaintext password in “documentation”...
Strapi 3.6.8 Password Disclosure / Insecure Handling
Exploit Title: Strapi " Date: 2022-03-30 Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentati...
CSZCMS 1.3.0 SSRF / LFI / Remote Code Execution
Title: CSZCMS V1.3.0 - SSRF To LFI To Rce Author: Hejap Zairy Date: 07.04.2022 Vendor: https://sourceforge.net/projects/cszcms/files/install/ Software: https://liquidtelecom.dl.sourceforge.net/project/cszcms/install/CSZCMS-V1.3.0.zip Reference: https://github.com/Matrix07ksa Tested on: Windows,...
NS WooCommerce Watermark <= 2.11.3 - Abuse of Functionality
An unprivileged user could use the functionality of the plugin to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain. Search for a vulnerable domain with the dork:...