1028 matches found
Authentication flaw
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page potentially through a...
CVE-2017-3192
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page potentially through a...
CVE-2017-3192
The CVE-2017-3192 issue affects D-Link DIR-130 (firmware 1.23) and DIR-330 (firmware 1.12). Public details confirm an authentication-related flaw where the tools_admin.asp page transmits the administrator password in base64, allowing a remote attacker with access to that page to potentially obtai...
PT-2017-15702 · D Link · D-Link Dir-330 +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-130 version 1.23; D-Link DIR-330 version 1.12. Description: The issue concerns insufficient protection of administrator credentials. Specifically, the tools_admin.asp page returns the administrator password in base64 encoding, allowi...
Schneider Electric Pelco VideoXpert Missing Encryption Of Sensitive Information
Summary: VideoXpert is a video management solution designed for scalability, fitting the needs of surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. Description: The software transmits...
Command Shell, Bind TCP (via python)
Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+. module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include Msf::Payload::Python include Msf::Sessions::CommandShellOptions def initializeinfo =...
HBGK DVR 3.0.0 Build 20161206 Authentication Bypass Vulnerability
Exploit for hardware platform in category web applications Exploit Title: HBGK DVR V3.0.0 build20161206 - Authentication Bypass Date: 24-09-2017 Vendor Homepage: http://www.hbgk.net/en/ Exploit Author: RAT - ThiefKing Contact: https://www.facebook.com/cctvsuperpassword Website: http://tromcap.com...
Oracle 9i XDB 9.2.01 HTTP PASS Buffer Overflow Exploit
Oracle 9i XDB version 9.2.0.1 HTTP PASS buffer overflow exploit. Exploit Title:Oracle 9i XDB HTTP PASS Buffer Overflow Date: 09/25/2017 Exploit Author: Charles Dardaman Twitter: https://twitter.com/CharlesDardaman Website: http://www.dardaman.com Version:9.2.0.1 Tested on: Windows 2000 SP4 CVE:...
UC Browser - Fast Download Private & Secure - Base64 encoded String, Customized SSL, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application UC Browser - Fast Download Private & Secure published at the 'play' market has multiple vulnerabilities...
The vulnerability of the Network Security Services library allows a perpetrator to cause a service failure or exert other effects.
The vulnerability of the Network Security Services library is a write beyond buffer boundaries in memory, caused by incorrect decoding of Base64-encoded data. Exploiting this vulnerability can allow a malicious actor to cause service failures or other effects b...
Упражнения для глаз PRO *FREE - Base64 encoded String, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Упражнения для глаз PRO FREE published at the 'play' market has multiple vulnerabilities...
Cross-Site Scripting (XSS)
marked is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize strings encoded in base64, allowing a malicious user to inject and execute arbitrary JavaScript...
РБК Главное - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application РБК Главное published at the 'play' market has multiple vulnerabilities...
Pelco VideoXpert 1.12.105 - Information Disclosure
Pelco VideoXpert 1.12.105 - Information Disclosure Schneider Electric Pelco VideoXpert Missing Encryption Of Sensitive Information Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: 2.0.41 1.14.7 1.12.105 Summary: VideoXpert is a video management solution...
Design/Logic Flaw
An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials...
CVE-2017-6028
Schneider Electric Modicon PLCs Modicon M241 (all firmware) and M251 (all firmware) are affected by CVE-2017-6028, where login credentials are transmitted over the network using Base64, enabling sniffing and potential unauthorized web access. No exploits are publicly known in the provided docs. R...
Futurama: Worlds of Tomorrow - Base64 encoded String, Customized SSL, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Futurama: Worlds of Tomorrow published at the 'play' market has multiple vulnerabilities...
PHPMailer 5.2.20 with Exim MTA - Remote Code Execution
PHPMailer 5.2.20 with Exim MTA - Remote Code Execution !/usr/bin/python Exploit Title: RCE for PHPMailer 5.2.20 with Exim MTA Date: 16/06/2017 Exploit Author: @phacktul Software Link: https://github.com/PHPMailer/PHPMailer Version: 5.2.20 Tested on: Debian x86/x64 CVE :...
Get Followers and Likes - Base64 encoded String, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Get Followers and Likes published at the 'play' market has multiple vulnerabilities...
StorySave - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application StorySave published at the 'play' market has multiple vulnerabilities...