1030 matches found
CVE-2009-0585
CVE-2009-0585 : An integer overflow in libsoup’s soup_base64_encode (soup-misc.c) affects libsoup 2.x before 2.2.x and before 2.24 on 2.x, allowing context-dependent attackers to execute arbitrary code via a long input string converted to Base64. Public disclosures reference multiple advisories (...
RoundCube Webmail <= 0.2b Remote Code Execution Exploit
Exploit for unknown platform in category web applications ======================================================= RoundCube Webmail echoiniget'disablefunctions'; exec, system PHP passthru"id; uname -a"; uid=666www-data gid=666www-data groups=666www-data Linux mail 2.6.28 0 Sun Jan 01 10:05:33 CET...
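Parallels Plesk Shortnames Feature Mail Relay Vulnerability
BUGTRAQ ID: 30956 Plesk is a comprehensive control panel solution for managing sites. In Plesk, if the SHORTNAMES=1 feature is enabled for mail login, QMAIL accepts any base64-encoded username that begins with a valid shortname during AUTH LOGIN authentication. This allows an attacker to log in to mail or other services protected by the Plesk authentication module and to relay spam using the SMTP authentication privileges obtained. To fix this issue, SHORTNAMES=1 must be removed from smtpspsa; merely setting it to 0 does not resolve it. Parallels Plesk 8.6 Parallels ---------...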
dirlist-traverse.txt
@===========================================@ | Author = StAkeR [email protected] | @===========================================@ + @==============================================================@ | dirLIST = Arbitrary File Download Vulnerability |...
Design/Logic Flaw
RaidSonic NAS-4220-B with 2.6.0-n2007-10-11 firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key...
CVE-2008-1431
RaidSonic NAS-4220-B with 2.6.0-n2007-10-11 firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key...
Default credentials
Plone CMS before 3 places a base64 encoded form of the username and password in the ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network...
CVE-2008-1393
Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network...
raidsonic nas-4220 crypt disk key leak (stored in plain on unencrypted partition)
Manufacturer: RaidSonic www.raidsonic.de Device: NAS-4220-B Firmware: 2.6.0-n2007-10-11 Device Type: end user grade NAS box OS: Linux 2.6.15 Architecture: ARM Designed by: Storm Semiconductor Inc www.storlinksemi.com Problem: Hard disk encryption key stored in plain on unencrypted partition. Time...
Heap overflow
Heap-based buffer overflow in the sampsend function in nuauth/sasl.c in NuFW before 2.2.7 allows remote attackers to cause a denial of service via unspecified input on which base64 encoding is performed. NOTE: some of these details are obtained from third party information...
CVE-2007-5723
CVE-2007-5723 describes a heap-based buffer overflow in the samp_send function of NuFW (nuauth/sasl.c) prior to version 2.2.7. An attacker could remotely trigger DoS by providing input on which base64 encoding is performed. The vulnerability is exploitable over the network (no authentication requ...
CVE-2007-5723
Removed by vendor...
Mercur IMAPD 5.00.14 (Windows x86) - Remote Denial of Service
Mercur IMAPD 5.00.14 Windows x86 - Remote Denial of Service !/usr/bin/perl mercur-v1.pl Mercur v5.00.14 win32 remote exploit by mu-b - Dec 2006 - Tested on: Mercur v5.00.14 win32 use Getopt::Std; getopts't:n:', %arg; use Socket; use MIME::Base64; my $target; if defined$arg't' $target = $arg't' if...
CVE-2006-6406
Clam AntiVirus ClamAV 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file...
DEBIAN-CVE-2006-5874
Clam AntiVirus ClamAV 0.88 and earlier allows remote attackers to cause a denial of service crash via a malformed base64-encoded MIME attachment that triggers a null pointer dereference...
CVE-2006-6407
F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file...
CVE-2006-6405
BitDefender Mail Protection for SMB 2.0 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file...