1028 matches found
aide: heap-based buffer overflow on outputs larger than B64_BUF
A heap-based buffer overflow vulnerability in the base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large 16k extended file attributes or ACL...
Alfa Team Shell Tesla 4.1 Remote Code Execution Vulnerability
Exploit Title: ALFA TEAM SHELL TESLA 4.1 - 'cmd' Remote Code Execution Unauthenticated Google Dork: inurl:/alfacgiapi intext:alfa Exploit Author: Aryan Chehreghani Vendor Homepage: http://solevisible.com Software Link: https://phpshells.com/alfa-tesla-v4-1-shell Version: v4.1 Tested on: Windows 1...
Advanced Comment System 1.0 - Remote Command Execution Exploit
Exploit Title: Advanced Comment System 1.0 - Remote Command Execution RCE Exploit Author: Nicole Daniella Murillo Mejias Version: Advanced Comment System 1.0 Tested on: Linux !/usr/bin/env python3 DESCRIPTION: Commands are Base64 encoded and sent via POST requests to the vulnerable application, t...
Advanced Comment System 1.0 - Remote Command Execution (RCE)
Exploit Title: Advanced Comment System 1.0 - Remote Command Execution RCE Date: November 30, 2021 Exploit Author: Nicole Daniella Murillo Mejias Version: Advanced Comment System 1.0 Tested on: Linux !/usr/bin/env python3 DESCRIPTION: Commands are Base64 encoded and sent via POST requests to the...
Advanced Comment System 1.0 Remote Command Execution
Exploit Title: Advanced Comment System 1.0 - Remote Command Execution RCE Date: November 30, 2021 Exploit Author: Nicole Daniella Murillo Mejias Version: Advanced Comment System 1.0 Tested on: Linux !/usr/bin/env python3 DESCRIPTION: Commands are Base64 encoded and sent via POST requests to the...
ZipExec - A Unique Technique To Execute Binaries From A Password Protected Zip
ZipExec is a Proof-of-Concept POC tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded into a string that is rebuilt on disk. This encoded string is then loaded into a JScript file that when executed, would rebuild the password-protected zip fil...
Engel & Völkers Technology GmbH: Reflected Xss in https://world.engelvoelkers.com/...
Summary: When trying to access https://world.engelvoelkers.com/login, I am redirected to https://login.engelvoelkers.com with a long URL, when analyzing this url I found base64 encoded xml parameters, after decoding the url I found the following url:...
HackTools
This is a web browser extension for penetration testing, called HackTools. It is a comprehensive toolset for web application security testing, providing various features such as: Dynamic shell generation PHP, Bash, Ruby, Python, Perl, Netcat XSS payload generation Common SQL injection payloads...
Default credentials
RICON Industrial Cellular Router S9922L 16.10.33794 is affected by cleartext storage of sensitive information and sends username and password as base64...
WP Mega Menu < 1.4.0 - Unauthenticated Arbitrary Post Access
The plugin does not properly check for capability and CSRF due to a logic flaw, in its exporttheme and exportwpmegamenunavmenu methods, hooked to admininit. As a result, unauthenticated users can call them and access arbitrary post data, including password protected or private ones. Access an...
WP Mega Menu < 1.4.1 - Subscriber+ Arbitrary Post Access
The plugin does not properly check for capability and CSRF due to a logic flaw, in its exporttheme and exportwpmegamenunavmenu methods, hooked as AJAX actions and available to any authenticated users. As a result, low privilege authenticated users such as subscribers can call them and access...
CVE-2020-25566
In SapphireIMS 5.0, it is possible to take over an account by sending a request to the SavePassword form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any user’s password by changing the username to that user and password to base64desired password...
CVE-2017-16632
In SapphireIMS 40971, the password in the database is stored in Base64 format...
Several Malicious Typosquatted Python Libraries Found On PyPI Repository
As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks. "Lack of moderation and automat...
Reverse-Shell-Generator - Hosted Reverse Shell Generator With A Ton Of Functionality
Hosted Reverse Shell generator with a ton of functionality -- great for CTFs Hosted Instance https://revshells.com Features Generate common listeners and reverse shells Automatically copy to clipboard Button to increment the listening port number by 1 URI and Base64 encoding LocalStorage to persi...
CVE-2020-29134
The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4...
Path traversal
The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4...
CVE-2020-29134
The TOTVS Fluig platform allows path traversal through the parameter “file = .. /” encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4 Recent assessments: lucxssouza at March 24, 2021 6:54pm UTC reported: Assessed Attacker Value: 5 Assessed Attacker Value:...
HFS (HTTP File Server) 2.3.x Remote Code Execution
Exploit Title: HFS HTTP File Server 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 20/02/2021 Exploit Author: Pergyz Vendor Homepage: http://www.rejetto.com/hfs/ Software Link: https://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Microsoft Windows...
Kubernetes: kubectl creating secrets from stringData leaves secret in plain text
Report Submission Form Summary: kubectl creating secrets from stringData leaves secret in plain text Kubernetes Version: $ kubectl version Client Version: version.InfoMajor:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df",GitTreeState:"clean",...