Lucene search

1028 matches found

NVD
added 2023/05/21 8:15 p.m. · 9 views

CVE-2021-46888

An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...

CVSS 5.4 · AI score 5.2 · EPSS 0.00759
Exploits: 1 · References: 4

Prion
added 2023/05/21 8:15 p.m. · 11 views

Cross site scripting

An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...

CVSS 4.9 · AI score 5.3 · EPSS 0.00759
Exploits: 1 · References: 4 · Affected Software: 1

CNNVD
added 2023/05/21 12:0 a.m. · 2 views

hledger cross-site scripting vulnerability

hledger is an open source, powerful, fast and intuitive plain text accounting tool from HLEDGER with CLI, TUI and Web interfaces. A security vulnerability exists in hledger versions prior to 1.23 that stems from a problem in toBloodhoundJson that allows an attacker to execute JavaScript by encoding...

CVSS 5.4 · AI score 5.8 · EPSS 0.00759
Exploits: 1 · References: 5

RedHat Linux
added 2023/05/16 7:32 p.m. · 1 views

apr-util: out-of-bounds writes in the apr_base64

A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions...

CVSS 6.5 · AI score 6.8 · EPSS 0.01417
Exploits: 0 · References: 4

Positive Technologies
added 2023/04/18 12:0 a.m. · 13 views

PT-2023-4872

Name of the Vulnerable Software and Affected Versions: gRPC (affected versions not specified). Description: The issue is related to a base64 encoding error for -bin suffixed headers, which can cause a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. This can be exploited by...

CVSS 7.5 · AI score 7 · EPSS 0.99999
Exploits: 19 · References: 38

Vulnrichment
added 2023/04/14 12:0 a.m. · 7 views

CVE-2023-22949

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That...

AI score 7.1 · EPSS 0.00417
Exploits: 1 · References: 2

CNNVD
added 2023/04/14 12:0 a.m. · 1 views

TigerGraph security vulnerability

TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community, enabling real-time big data graph applications. A security vulnerability exists in TigerGraph Enterprise Free Edition 3.x series versions that stems from the fact that all...

CVSS 4.9 · AI score 5.4 · EPSS 0.00417
Exploits: 1 · References: 3

Metasploit
added 2023/04/12 7:43 p.m. · 198 views

Command Shell, Reverse SCTP (via python)

Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. Module Options msf use payload/python/shellreversesctp msf payloadshellreversesctp show actions ...actions... msf payloadshellreversesctp set ACTION msf payloadshellreversesctp show...

AI score 7.1
Exploits: 0

Packet Storm
added 2023/04/10 12:0 a.m. · 226 views

Rukovoditel 3.3.1 Remote Code Execution

Exploit Title: Rukovoditel 3.3.1 - Remote Code Execution RCE Version: 3.3.1 Bugs: rce via jpeg file upload Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 12-03-2023 Author: Mirabbas Ağalarov Tested on: Linux 2...

AI score 6.8
Exploits: 0

GithubExploit
added 2023/04/01 2:12 p.m. · 5 views

Exploit for Untrusted Search Path in Softexpert Excellence_Suite

Remote Code Execution in SoftExpert Excellence Suite 2.0 - CVE...

CVSS 9.8 · AI score 8.4 · EPSS 0.05877
Exploits: 5

Trellix
added 2023/03/23 12:0 a.m. · 9 views

Shining Light on Dark Power: Yet Another Ransomware Gang

Shining Light on Dark Power: Yet Another Ransomware Gang By Pham Duy Phuc and Tomer Shloman · March 23, 2023 This blog was also written by Max Kersten Another day, another ransomware gang. The Dark Power ransomware gang is new on the block, and is trying to make a name for itself. This blog dives...

AI score 6.8
Exploits: 0

Tenable Nessus
added 2023/03/01 12:0 a.m. · 23 views

Schneider Electric Modicon PLCs Insufficiently Protected Credentials (CVE-2017-6028)

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials...

CVSS 9.8 · AI score 7.2 · EPSS 0.0225
Exploits: 0 · References: 3

Huntr
added 2023/02/19 8:39 p.m. · 17 views

SQL Injection at /front/report.dynamic.php

Description: A SQL Injection vulnerability allows a guest user with reports view, like "Technician", to extract all data from the database and in some cases write a webshell on the server. This vulnerability occurs because an insecure concatenation is taking place in this function:...

AI score 7.6
Exploits: 0 · References: 1

SUSE CVE
added 2023/02/15 6:15 a.m. · 2 views

SUSE CVE-2006-2781

Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters...

CVSS 6.4 · AI score 7.9 · EPSS 0.03254
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 6:5 a.m. · 1 views

SUSE CVE-2009-0585

Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation...

CVSS 7.5 · AI score 8.1 · EPSS 0.04024
Exploits: 1 · References: 4

SUSE CVE
added 2023/02/15 6:5 a.m. · 2 views

SUSE CVE-2009-0587

Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcam...

CVSS 7.5 · AI score 7.9 · EPSS 0.03312
Exploits: 1 · References: 4

SUSE CVE
added 2023/02/15 3:45 a.m. · 3 views

SUSE CVE-2021-24115

In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex)...

CVSS 9.8 · AI score 7 · EPSS 0.01976
Exploits: 0 · References: 5

OSV
added 2023/02/13 8:42 a.m. · 2 views

SUSE-SU-2023:0389-1 Security update for apr-util

This update for apr-util fixes the following issues: - CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding bsc1207866...

CVSS 6.5 · AI score 7 · EPSS 0.01417
Exploits: 0 · References: 3

OSV
added 2023/02/09 5:8 p.m. · 8 views

SUSE-SU-2023:0338-1 Security update for libapr-util1

This update for libapr-util1 fixes the following issues: - CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding bsc1207866...

CVSS 6.5 · AI score 7 · EPSS 0.01417
Exploits: 0 · References: 3

OSV
added 2023/02/09 5:8 p.m. · 4 views

SUSE-SU-2023:0337-1 Security update for libapr-util1

This update for libapr-util1 fixes the following issues: - CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding bsc1207866...

CVSS 6.5 · AI score 7 · EPSS 0.01417
Exploits: 0 · References: 3