1028 matches found
CVE-2024-6515 unauthorized file access
Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...
CVE-2024-6515 unauthorized file access
Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...
The vulnerability of the str_base64_encode_rfc2047() function in the Zabbix universal monitoring system allows a attacker to trigger a service failure.
The vulnerability of the strbase64encoderfc2047 function in the Zabbix universal monitoring system is related to the operation exceeding the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Python Execute Command
Execute an arbitrary OS command. Compatible with Python 2.7 and 3.4+. Module Options msf use payload/python/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run module MetasploitModule CachedSize =...
CVE-2023-25581 Deserialization of untrusted data in InternalAttributeHandler in pac4j
pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...
Advantech ADAM-5550 Information Disclosure Vulnerability
Advantech ADAM-5550 is a programmable automation controller from Advantech, China. The Advantech ADAM-5550 suffers from an information disclosure vulnerability due to a flaw in base64 encoding for sharing user credentials. An attacker can exploit this vulnerability to obtain credential informatio...
Advantech ADAM-5550 安全漏洞
Advantech ADAM-5550 is a programmable automation controller from Advantech, China. The Advantech ADAM-5550 suffers from an information disclosure vulnerability due to a flaw in base64 encoding for sharing user credentials. An attacker can exploit this vulnerability to obtain credential informatio...
Python Developers Targeted with Malware During Fake Job Interviews
Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign agains...
Syncovery For Linux Web-GUI Session Token Brute-Forcer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'date' require 'json' require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/syncoveryfilesyncbackup'...
Exploit for Code Injection in Geoserver
CVE-2024-36401-PoC This repository contains a Proof of Conce...
OneDrive Pastejacking
OneDrive Pastejacking: The crafty phishing and downloader campaign By Rafael Pena · July 29, 2024 Over the past few weeks, the Trellix Advanced Research Center has observed a sophisticated Phishing/downloader campaign targeting Microsoft OneDrive users. This campaign heavily relies on social...
Netis MW5360 Remote Command Execution Exploit
The Netis MW5360 router has a command injection vulnerability via the password parameter on the login page. The vulnerability stems from improper handling of the "password" parameter within the router's web interface. The router's login page authorization can be bypassed by simply deleting the...
[SECURITY] Fedora 39 Update: rust-uu_base64-0.0.23-3.fc39
Base64 uutils decode/encode input base64-encoding...
From trust to trickery: Brand impersonation over the email attack vector
Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. Talos has discovered a wide range of techniques threat actors use to embed and deliver brand logos via emails to their victims. Talos is providing n...
PT-2024-40772 · Git +1 · Pjsip
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of "Use-of-uninitialized-value" as reported by OSS-Fuzz. The crash occurs in the encode base64 differential function...
Exploit for Improper Input Validation in Paloaltonetworks Pan-Os
CVE-2024-3400 RCE Test Script Overview This Python script...
PT-2024-40907 · Rsa · Rsa
Name of the Vulnerable Software and Affected Versions: rsa affected versions not specified Description: The issue concerns potential side-channel attacks due to non-constant time operations, including arithmetic and Base64 encoding. Recommendations: At the moment, there is no information about a...
OpenZeppelin 安全漏洞
OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts versions prior to 5.0.2 and prior to 4.9.6, which stems from the fact that the last iteration of the Base64.encode function can read portions of memory...
openSUSE: Security Advisory for apr (SUSE-SU-2023:0389-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-9VX6-7XXF-X967 OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
Impact The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. Although the encode function pads the output for these cases, up to 4 bits o...