CVE-2023-2003

Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device...

Connection Termination

grpc is vulnerable to Connection Termination. An attacker can terminate the connection between a HTTP2 proxy and the gRPC server by providing a -bin suffixed headers, which leads to a base64 encoding error, causing an application crash...

gRPC connection termination issue

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...

Exploit for Path Traversal in Std42 Elfinder

CVE-2023-35840 elFinder 2.1.62 - Path Traversal vulnerabilit...

CVE-2023-32732

A flaw was found in gRPC, which is vulnerable to a denial of service, caused by a base64 encoding error for "-bin" suffixed headers. By sending a specially crafted request, a remote attacker can cause a termination of the connection between an HTTP2 proxy and a gRPC server, resulting in a denial ...

CVE-2023-32732

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...

Design/Logic Flaw

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...

CVE-2023-32732

CVE-2023-32732: gRPC vulnerability where a base64 encoding error for -bin suffixed headers can cause the gRPC server to terminate a connection with an HTTP/2 proxy, potentially affecting availability (LOW). Root cause described as a header encoding mishap that proxies may still allow, with remedi...

CVE-2023-32732 Denial-of-Service in gRPC

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...

gRPC 安全漏洞

gRPC is a modern, open-source, high-performance Remote Procedure Call RPC framework from gRPC Open Source. A security vulnerability exists in gRPC that stems from a base64 encoding error in the -bin suffix header that causes the gRPC server to disconnect...

Microsoft Windows PowerShell Remote Command Execution Exploit

This python script mints a .ps1 file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell. This is an updated exploit to work with Python3. from base64 import b64encode import argparse,sys,os PSTrojanFile.py By hyp3rlinx c 2023 ApparitionSec...

apr-util: out-of-bounds writes in the apr_base64

A flaw was found in the Apache Portable Runtime Utility APR-util library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions...

CVE-2023-27640

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files...

Open redirect

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files...

CVE-2023-27640

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files...

CVE-2023-27640

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files...

PT-2023-21276 · Prestashop · Tshirtecommerce

Name of the Vulnerable Software and Affected Versions: tshirtecommerce aka Custom Product Designer component version 2.1.4 for PrestaShop Description: An issue allows a remote attacker to forge an HTTP request with the POST parameter type in the "/tshirtecommerce/fonts.php" endpoint, enabling...

apr-util: out-of-bounds writes in the apr_base64

A flaw was found in the Apache Portable Runtime Utility APR-util library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions...

CVE-2021-46888

An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting XSS vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...

CVE-2021-46888

An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting XSS vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...