124 matches found
The vulnerability of Google Chrome browser allows a malicious actor to trigger a service failure.
The Google Chrome browser contains a vulnerability related to the incorrect processing of string data consisting solely of spaces in the base64DecodeInternal function in wtf/text/Base64.cpp in Blink. Exploiting this vulnerability allows malicious actors to trigger a denial-of-service attack by...
WordPress Plugin Photocart Link 1.6 - Local File Inclusion
Exploit Title: Wordpress Plugin Photocart Link - Local File Inclusion Exploit Author: CrashBandicot @DosPerl Date: 2016-03-27 Google Dork : inurl:/wp-content/plugins/photocart-link/ Vendor Homepage: https://fr.wordpress.org/plugins/photocart-link/ Tested on: MSWin32 Version: 1.6 Vuln file :...
EMC RSA BSAFE multiple security vulnerabilities
Integer overflow in base64 decode, multiple crypto vulnerabilities...
ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities EMC Identifier: ESA-2015-081 CVE Identifier: CVE-2015-0533, CVE-2015-0534, CVE-2015-0535, CVE-2015-0536, CVE-2015-0537 Severity...
FreeBSD : OpenSSL -- multiple vulnerabilities (9d15355b-ce7c-11e4-9db0-d050992ecde8) (FREAK)
OpenSSL project reports : - Reclassified: RSA silently downgrades to EXPORTRSA Client CVE-2015-0204. OpenSSL only. - Segmentation fault in ASN1TYPEcmp CVE-2015-0286 - ASN.1 structure reuse memory corruption CVE-2015-0287 - PKCS7 NULL pointer dereferences CVE-2015-0289 - Base64 decode CVE-2015-029...
DEBIAN-CVE-2015-0292
Integer underflow in the EVPDecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact v...
Vulnerability in OpenSSL - Base64 decode
A vulnerability existed in previous versions of OpenSSL related to the processing of base64 encoded data. Any code path that reads base64 data from an untrusted source could be affected such as the PEM processing routines. Maliciously crafted base 64 data could trigger a segmenation fault or memo...
Virtual Store Open 3.0 Acess SQL Injection
No description provided by source. !/usr/bin/perl Script Name: Virtual Store Open = 3.0 Link1 : http://www.virtuastore.com.br/shopping.asp?link=ShoppingVirtuaStore Link2 : http://www.virtuastore2010.com.br/ Link3 Yahoo Group : http://br.groups.yahoo.com/group/virtuastore/ Bug: Acess Sql Injection...
easytalk一处盲注
简要描述: easytalk一处盲注 详细说明: 问题出在mailactivity函数,其过滤daddslashes在base64decode之前,但是后面没有输出,不过没关系,我们可以盲注 public function mailactivity parent::tologin; $authmsg=daddslashes$GET'auth'; $authmsg=base64decode$authmsg; //这里反了…… $tem=explode":",$authmsg; $sendid=$tem0; $user=M'Users'; $row =...
Cuppa CMS - alertConfigField.php LocalRemote File Inclusion
Cuppa CMS - alertConfigField.php LocalRemote File Inclusion Exploit Title : Cuppa CMS File Inclusion Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.cuppacms.com/ Software Link : http://jaist.dl.sourceforge.net/project/cuppacms/cuppacms.zip...
CVE-2012-3461
The 1 otrlbase64otrdecode function in src/b64.c; 2 otrlprotodatareadflags and 3 otrlprotoacceptdata functions in src/proto.c; and 4 decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a deni...
DEBIAN-CVE-2011-4362
Integer signedness error in the base64decode function in the HTTP authentication functionality httpauth.c in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service segmentation fault via crafted base64 input that triggers an out-of-bounds...
Discuz! X2 SQL injection vulnerability-vulnerability warning-the black bar safety net
Detailed description: File: source\module\forum\forumattachment.php if! defined'INDISCUZ' exit'Access Denied'; define'NOROBOT', TRUE; @list$G'gpaid', $G'gpk', $G'gpt', $G'gpuid', $G'gptableid' = explode'|', base64decode$G'gpaid'; if! empty$G'gpfindpost' && $attach = DB::fetchfirst"SELECT pid, tid...
Virtual Store Open 3.0 Acess SQL Injection
Exploit for asp platform in category web applications !/usr/bin/perl Script Name: Virtual Store Open = 3.0 Link1 : http://www.virtuastore.com.br/shopping.asp?link=ShoppingVirtuaStore Link2 : http://www.virtuastore2010.com.br/ Link3 Yahoo Group : http://br.groups.yahoo.com/group/virtuastore/ Bug:...
Virtual Store Open 3.0 - Acess SQL Injection
!/usr/bin/perl Script Name: Virtual Store Open = 3.0 Link1 : http://www.virtuastore.com.br/shopping.asp?link=ShoppingVirtuaStore Link2 : http://www.virtuastore2010.com.br/ Link3 Yahoo Group : http://br.groups.yahoo.com/group/virtuastore/ Bug: Acess Sql Injection Found: Br0ly google dork:...
RoSPORA 1.5.0 - Remote PHP Code Injection
'; 671. $link=$SERVER'PHPSELF'."?f=".$flag."&s="; 672. 673. if !empty$plarray 674. 675. usort$plarray, createfunction'$a, $b', 'if $a'.$sort.' == $b'.$sort.' return 0; if $a'.$sort.' '.$sorttype.' $b'.$sort.' return -1; return 1;'; 676. Input parameter passed through $GET's' isn't properly...
PHP168 V6 download any file vulnerability-vulnerability warning-the black bar safety net
漏洞 文件 download.php Vulnerability related to the file HASH b912249a22b630c04f7ad65f8ba5a2f6 download.php $url=base64decode$url; //2 line 7 $fileurl=strreplace$webdbwwwurl,"",$url; if eregi". php$",$fileurl && isfilePHP168PATH."$ fileurl" //determine the file drop out is not php, if it is php, and...
Mozilla Base64 decoding crash
Multiple integer overflows in the 1 PLBase64Decode and 2 PLBase64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service memory corruption and application crash...
Cybershade CMS 0.2b Session Hijacking PoC Vulnerability
Exploit for unknown platform in category web applications ======================================================= Cybershade CMS 0.2b Session Hijacking PoC Vulnerability ======================================================= p0c!: Session Hijacking Cybershade CMS 0.2b Session Hijacking PoC...
ntop 3.3.10 Denial Of Service
Title: ntop = sizeoftheHttpUser usersizeoftheHttpUser-1 = '\0'; . . . Affected Operating Systems: Only tested on Linux Affected Versions: ntop = 3.3.10 CVE: CVE-2009-2732 Credit: Brad Antoniewicz [email protected] code: START modules/auxiliary/dos/http/ntopbasic.rb...