Lucene search
K

124 matches found

CNNVD
CNNVD
added 2025/08/13 12:0 a.m.5 views

INSTAR 2K+和INSTAR 4K 安全漏洞

INSTAR 2K+ and INSTAR 4K are both webcams from the German company INSTAR. A security vulnerability exists in INSTAR 2K+ and INSTAR 4K version 3.11.1 Build 1124, which originates from a buffer overflow due to manipulation of the Authorization parameter by the base64decode function of the fcgiserve...

10CVSS9.6AI score0.00697EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.6 views

SUSE SLES15 / openSUSE 15 Security Update : iperf (SUSE-SU-2025:02749-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02749-1 advisory. - update to 3.19.1: CVE-2025-54351: Fixed buffer overflow in net.c bsc1247522 CVE-2025-54350: Fixed Base64Decode assertion failu...

10CVSS6.1AI score0.004EPSS
Exploits0References10
OSV
OSV
added 2025/08/03 2:15 a.m.7 views

AZL-66057 CVE-2025-54350 affecting package iperf3 for versions less than 3.17.1-3

In iperf before 3.19.1, iperfauth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References1
OSV
OSV
added 2025/08/03 2:15 a.m.3 views

UBUNTU-CVE-2025-54350

In iperf before 3.19.1, iperfauth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/07/28 11:35 p.m.4 views

SUSE CVE-2024-32664

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use...

7.3CVSS7.1AI score0.00861EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2024/10/03 12:0 a.m.209 views

reNgine 2.2.0 Command Injection

Exploit Title: reNgine 2.2.0 - Command Injection Authenticated Date: 2024-09-29 Exploit Author: Caner Tercan Vendor Homepage: https://rengine.wiki/ Software Link: https://github.com/yogeshojha/rengine Version: v2.2.0 Tested on: macOS POC : 1. Login the Rengine Platform 2. Click the Scan Engine 3...

7.4AI score
Exploits0
CVE
CVE
added 2024/05/07 2:57 p.m.85 views

CVE-2024-32664

CVE-2024-32664 affects Suricata before 7.0.5 and 6.0.19, where specially crafted traffic or datasets can cause a limited buffer overflow. The vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include avoiding rules with the base64_decode keyword (bytes option 1, 2, or 5) and, for 7.0.x, set...

7.3CVSS6.6AI score0.00861EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2024/05/07 2:57 p.m.25 views

CVE-2024-32664

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use...

7.3CVSS7AI score0.00861EPSS
Exploits0
GithubExploit
GithubExploit
added 2024/01/09 10:10 a.m.95 views

Exploit for Path Traversal in Thinkphp

redtail While analyzing my daily access.log report, I noticed...

9.8CVSS7.6AI score0.15505EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2023/06/12 12:0 a.m.6 views

PT-2023-3751 · Tp Link · Tp-Link Ec-70

Name of the Vulnerable Software and Affected Versions: TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 Description: The issue is related to a buffer overflow in the tpsocket base64 decode function of the TP-Link EC-70 camera's firmware. This buffer overflow can be exploited by a remo...

8.8CVSS8.6AI score0.00345EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2023/04/07 12:0 a.m.202 views

Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing

!/usr/bin/python3 Exploit Title: Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing Shodan Dork: http.favicon.hash:-2145085239 http.title:"Tenda | LOGIN" Date: 09/03/2023 Exploit Author: @h454nsec Github: https://github.com/H454NSec/CVE-2020-35391 Vendor Homepage:...

9.6CVSS7.3AI score0.35005EPSS
Exploits4
SUSE CVE
SUSE CVE
added 2023/02/15 5:56 a.m.3 views

SUSE CVE-2010-3711

libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purplebase64decode function, which allows remote authenticated users to cause a denial of service NULL pointer dereference and application crash via a crafted message, related to the plugins for MSN, MySpaceIM,...

4CVSS6.7AI score0.0327EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.3 views

SUSE CVE-2011-4362

Integer signedness error in the base64decode function in the HTTP authentication functionality httpauth.c in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service segmentation fault via crafted base64 input that triggers an out-of-bounds...

5CVSS7AI score0.16246EPSS
Exploits8References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.4 views

SUSE CVE-2012-3461

The 1 otrlbase64otrdecode function in src/b64.c; 2 otrlprotodatareadflags and 3 otrlprotoacceptdata functions in src/proto.c; and 4 decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a deni...

4.3CVSS7.1AI score0.03441EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:25 a.m.8 views

SUSE CVE-2014-9205

Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data...

7.5CVSS8.2AI score0.0484EPSS
Exploits0References3
NVD
NVD
added 2022/05/03 6:15 p.m.44 views

CVE-2021-46440

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cookie, perform a base64 decode on the victim's cookie, and obtain a cleartext password, leading to...

7.5CVSS0.02786EPSS
Exploits3References4
0day.today
0day.today
added 2022/05/03 12:0 a.m.238 views

Strapi 3.6.8 Password Disclosure / Insecure Handling Vulnerabilities

Exploit Title: Strapi " Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentation. Perform Base64 decoding and we got plaintext password in “documentation”...

7.5CVSS0.1AI score0.02786EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/05/02 12:0 a.m.521 views

Strapi 3.6.8 Password Disclosure / Insecure Handling

Exploit Title: Strapi " Date: 2022-03-30 Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentati...

7.6AI score0.02786EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/04/07 12:0 a.m.288 views

CSZCMS 1.3.0 SSRF / LFI / Remote Code Execution

Title: CSZCMS V1.3.0 - SSRF To LFI To Rce Author: Hejap Zairy Date: 07.04.2022 Vendor: https://sourceforge.net/projects/cszcms/files/install/ Software: https://liquidtelecom.dl.sourceforge.net/project/cszcms/install/CSZCMS-V1.3.0.zip Reference: https://github.com/Matrix07ksa Tested on: Windows,...

0.3AI score
Exploits0
wpexploit
wpexploit
added 2022/03/15 12:0 a.m.96 views

NS WooCommerce Watermark <= 2.11.3 - Abuse of Functionality

An unprivileged user could use the functionality of the plugin to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain. Search for a vulnerable domain with the dork:...

7.5CVSS1AI score0.01211EPSS
Exploits2
Rows per page
Query Builder