EspoCRM 5.8.5 - Privilege Escalation Vulnerability
Exploit for multiple platform in category web applications Exploit Title: EspoCRM 5.8.5 - Privilege Escalation Author: Besim ALTINOK Vendor Homepage: https://www.espocrm.com Software Link: https://www.espocrm.com/downloads/EspoCRM-5.8.5.zip Version: v5.8.5 Tested on: Xampp Credit: İsmail BOZKURT...
EspoCRM 5.8.5 Privilege Escalation
Exploit Title: EspoCRM 5.8.5 - Privilege Escalation Author: Besim ALTINOK Vendor Homepage: https://www.espocrm.com Software Link: https://www.espocrm.com/downloads/EspoCRM-5.8.5.zip Version: v5.8.5 Tested on: Xampp Credit: İsmail BOZKURT ------------- Details:...
Arbitrary Code Execution
evolution is vulnerable to arbitrary code execution. Multiple integer overflow flaws which could cause heap-based buffer overflows were found in the Base64 encoding routines used by Evolution Data Server. This could cause an application using Evolution Data Server to crash, or, possibly, execute ...
HTTP Asynchronous Reverse Shell - Asynchronous Reverse Shell Using The HTTP Protocol
Today there are many ways to create a reverse shell in order to be able to remotely control a machine through a firewall. Indeed, outgoing connections are not always filtered. However security software and hardware IPS, IDS, Proxy, AV, EDR... are more and more powerful and can detect these attack...
CVE-2019-14886
A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in erraisecuritycontext. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords...
Design/Logic Flaw
A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in erraisecuritycontext. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords...
Cross site request forgery (csrf)
In GolfBuddy Course Manager 1.1, passwords are sent with base64 encoding via a GET request...
CVE-2020-9337
In GolfBuddy Course Manager 1.1, passwords are sent with base64 encoding via a GET request...
CVE-2020-9337
In GolfBuddy Course Manager 1.1, passwords are sent with base64 encoding via a GET request. Recent assessments: horshark at March 09, 2020 8:13pm UTC reported: Recap Nothing deep, passwords are sent using Base64. Requires Ability to monitor networking traffic during user authentication. Loot...
Unspecified Vulnerability in Cisco Adaptive Security Appliance Software
Cisco Adaptive Security Appliances Software ASA Software is a suite of firewall and network security platforms from Cisco. A security vulnerability exists in the Secure Sockets Layer SSL VPN feature of Cisco ASA Software, which stems from the program not properly handling Base64 encoded strings. ...
Cross site scripting
Multiple Reflected Cross-site Scripting XSS vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input encoded in base64. This also applies to the search functionality for the searchKey parameter...
CVE-2019-18205
Multiple Reflected Cross-site Scripting XSS vulnerabilities exist in Zucchetti InfoBusiness before and including 4.4.1. The browsing component did not properly sanitize user input encoded in base64. This also applies to the search functionality for the searchKey parameter...
CVE-2008-1394
Plone CMS before 3 places a base64 encoded form of the username and password in the ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network...
PT-2019-3523 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Description: A vulnerability in the Secure Sockets Layer SSL VPN feature could allow an authenticated, remote attacker to cause a denial of service DoS condition...
inoERP 4.15 - (download) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: inoERP 4.15 - 'download' SQL Injection Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be...
inoERP 4.15 SQL Injection
Exploit Title: inoERP 4.15 - 'download' SQL Injection Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be deserialized as an array without any...
inoERP 4.15 - download SQL Injection
inoERP 4.15 - download SQL Injection Exploit Title: inoERP 4.15 - 'download' SQL Injection Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be...
inoERP 4.15 - 'download' SQL Injection
Exploit Title: inoERP 4.15 - 'download' SQL Injection Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be deserialized without any sanitization...
lseshop.cz Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-977756 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
GGPowerShell / Windows PowerShell Remote Command Execution Exploit
This python script mints a .ps file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell. from base64 import b64encode from base64 import b64decode from socket import import argparse,sys,socket,struct,re GGPowerShell Microsoft Windows...