1034 matches found
DEBIAN-CVE-2006-5874
Clam AntiVirus ClamAV 0.88 and earlier allows remote attackers to cause a denial of service crash via a malformed base64-encoded MIME attachment that triggers a null pointer dereference...
CVE-2006-6406
Clam AntiVirus ClamAV 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file...
CVE-2006-6406
Clam AntiVirus ClamAV 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file...
CVE-2006-6406
Clam AntiVirus ClamAV 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file...
CVE-2006-6405
BitDefender Mail Protection for SMB 2.0 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file...
CVE-2006-6407
F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file...
Multiple Vendor Unusual MIME Encoding Content Filter Bypass
Several e-mail virus scanners can be tricked into passing an EICAR test file if the following conditions are met: 1. the EICAR file is encoded in Base64 including characters not in the standard alphabet e.g. whitespaces and 2. the part containing the EICAR file is nested within one or several...
MailEnable SMTP NTLM认证多个安全漏洞
MailEnable是一款商业性质的POP3和SMTP服务器。 MailEnable的NTLM认证过程中SMTP连接器存在3个预认证漏洞。 1. 在处理NTLM Type1消息的签名字段时存在缓冲区溢出,可能导致执行任意代码; 2. 在处理base64编码的NTLM Type1消息中安全缓冲区时存在越界读取,可能导致拒绝服务; 3. 在Type3消息的base64编码过程中存在越界读取,可能导致执行任意代码。 MailEnable MailEnable Professional 2.0 MailEnable MailEnable Enterprise 2.0...
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow (Metasploit)
$Id: mdaemoncrammd5.rb 9583 2010-06-22 19:11:05Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Wordpress <= 1.5.1.3 Remote Code Execution 0-Day Exploit
Exploit for unknown platform in category web applications ======================================================== Wordpress = 1.5.1.3 Remote Code Execution 0-Day Exploit ======================================================== ?php echo "Wordpress = 1.5.1.3 - remote code execution 0-DDAAYY...
NukeET 3.03.1 - Base64 Codigo Variable Cross-Site Scripting
NukeET 3.03.1 - Base64 Codigo Variable Cross-Site Scripting source: https://www.securityfocus.com/bid/13570/info NukeET is prone to a cross-site scripting vulnerability. The source of this issue is that HTML and script code is not properly sanitized from URI variables before being output in a...
CVE-2005-0456
Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: RFC 2397 URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code...
ClamAV: Multiple issues
Background ClamAV is an antivirus toolkit. It includes a multi-threaded daemon and a command line scanner. Description ClamAV fails to properly scan ZIP files with special headers CAN-2005-0133 and base64 encoded images in URLs. Impact By sending a base64 encoded image file in a URL an attacker...
Eudora 6.2 attachment spoof
Eudora 6.2 ==6.2.0.14 for Windows was released on 8 Nov 04. The release notes http://www.eudora.com/download/eudora/windows/6.2/RelNotes.txt say: SECURITY -------- Fixed cases where attachments could be spoofed via base64 or quoted-printable encoded plain-text, inline MIME parts. Some cases remai...
Eudora 6.2.0.7 attachment spoof
Eudora 6.2.0.7 for Windows is in beta testing since 8 Oct 2004. The release notes http://www.eudora.com/download/eudora/windows/6.2/Betas/RelNotes.txt say: SECURITY -------- Fixed cases where attachments could be spoofed via base64 or quoted-printable encoded plain-text, inline MIME parts. Not so...
ripMIME -- decoding bug allowing content filter bypass
ripMIME may prematurely terminate decoding Base64 encoded messages when it encounters multiple blank lines or other non-standard Base64 constructs. Virus scanning and content filtering tools that use ripMIME may therefore be bypassed. The ripMIME CHANGELOG file says: There's viruses going around...
Eudora 6.1.2 attachment spoof
Eudora 6.1.2 for Windows was released on 21 June 2004. The release notes http://www.eudora.com/download/eudora/windows/6.1.2/RelNotes.txt say: SECURITY Fixed case where attachments could be spoofed via base64 encoded plain-text, inline MIME parts. Not so. Harmless demo below. Cheers, Paul Szabo -...
ServerAlive weak encryption
Passwords are stored in text file in base64 format...
PHP-Nuke v5.6 - Users can compromise admin accts.
Tested on PHP-Nuke v5.6 with Mozilla on Linux should work on past versions and on most browsers Impact: --------------------------------------------- Allows any user to get admin access to a PHP-Nuke site. Summary: ---------------------------------------------- Due to a XSS flaw in PHPNuke's...
CVE-2002-0670
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing...