29 matches found
AVideo Operating System Command Injection Vulnerability
AVideo is an open-source broadcast network creation tool developed by the World Wide Broadcast Network. Prior to version 7.0 of AVideo, there was a vulnerability related to operating system command injection. This vulnerability allowed unauthenticated attackers to execute arbitrary operating syst...
EUVD-2024-36489
Malicious code in bioql PyPI...
Security update for libssh
This update for libssh fixes the following issues: CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile (bsc#1245310). CVE-2025-5318: Fixed likely read beyond bounds in sftp server handl...
CVE-2024-37187
Advantech ADAM-5550 shares user credentials with a low level of encryption, consisting of base 64 encoding...
CVE-2020-15865
A Remote Code Execution vulnerability in Stimulsoft aka Stimulsoft Reports 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server...
CVE-2024-37187
CVE-2024-37187 affects Advantech ADAM-5550. Vulnerability: weak encoding for passwords via base64, exposing credentials. Affected: ADAM-5550 (all versions). Impact: potential credential disclosure; confidentiality at high risk. Mitigation: upgrade to ADAM-5630 firmware v2.5.2+ per ICS advisory. N...
CVE-2024-37187 Advantech ADAM-5550 Weak Encoding for Password
Advantech ADAM-5550 shares user credentials with a low level of encryption, consisting of base 64 encoding...
GHSA-M4VX-CCRF-W399 NLnet Labs Routinator has Reachable Assertion vulnerability
In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files which is not correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for...
Prismatic < 2.8 - Contributor+ Stored XSS
The plugin does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set a Cross-Site Scripting payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS triggerable in the frontend, however, higher...
Remote code execution
A Remote Code Execution vulnerability in Stimulsoft aka Stimulsoft Reports 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server...
CVE-2016-6546 iTrack Easy mobile application stores the user password in base-64 encoding/cleartext
The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext...
openSUSE Security Update : mozilla-nss (openSUSE-2017-504)
Mozilla-nss was updated to 3.28.4 to fix the following issues: Security issues: - CVE-2016-9574: Allow use of session tickets when there is no ticket wrapping key (boo#1015499, bmo#1320695) Non security issues: - A rare crash when initializing an SSL socket fails has been fixed (bmo#1342358) - Rare...
Instruction Trace Visualisation Tool: rgat
An instruction trace visualisation tool intended to help reverse engineers make the link between target behaviour and code. rgat uses dynamic binary instrumentation courtesy of DynamoRIO to produce graphs from running executables. It creates static and animated visualisations in realtime to suppo...
AltaVista Search Intranet 2.0 b/2.3 A Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/896/info The AltaVista Search engine sets up a webserver at port 9000 to listen for search queries. The main search function will accept a single '../' string in the query, providing access to all documents in the 'http'...
Veno File Manager Arbitrary File Download
Exploit Title : Veno File Manager Arbitrary File Download Vulnerability Google Dork : allintitle: "Veno File Manager" Date : 10/12/2013 Exploit Author : Daniel Godoy Vendor Homepage :...
update for bogofilter (important)
This version upgrade of bogofilter fixed a heap corruption in the base 64 decoding routine as well as several other non-security issues...