1028 matches found
CVE-2022-28168
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords...
CVE-2022-28168
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords...
CVE-2022-28168
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords...
Code injection
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords...
CVE-2022-28168
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords...
Gshell - A Flexible And Scalable Cross-Plaform Shell Generator Tool
A simple yet flexible cross-platform shell generator tool. Name: GGreat Shell Description: A cross-platform shell generator tool that lets you generate whichever shell you want, in any system you want, giving you full control and automation. If you find this tool helpful, then please give me a...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2022-26134 Confluence OGNL expression injected RCECVE-202...
GHSA-C4FR-GX5W-8QF2 Jenkins Subversion Plugin Stores Credentials with Base64 Encoding
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...
Jenkins Subversion Plugin Stores Credentials with Base64 Encoding
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file...
Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request...
GHSA-63QJ-P8GH-5XXX Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request...
Plone CMS Improper Session Management
Plone CMS before 3 places a base64 encoded form of the username and password in the ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network...
Code injection
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the...
Exploit for Expression Language Injection in Apache Struts
Struts2S2-062CVE-2021-31805 Apache Struts2 S2-062 remote c...
uDraw < 3.3.3 - Unauthenticated Arbitrary File Access
The plugin does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the response. As a result, unauthenticated users could re...
CVE-2022-26967
GPAC 2.0 allows a heap-based buffer overflow in gfbase64encode. It can be triggered via MP4Box...
DEBIAN-CVE-2022-26967
GPAC 2.0 allows a heap-based buffer overflow in gfbase64encode. It can be triggered via MP4Box...
Improper Resolution of Path Equivalence
DESCRIPTION Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain. This behavior can be...
Swift Sensors Gateway device password generation authentication bypass vulnerability
Summary An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Version...
Design/Logic Flaw
Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded string with these credentials...