300 matches found
CVE-2022-26964
Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. An error caused base64 to be decoded...
Information disclosure
Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. An error caused base64 to be decoded...
CVE-2022-26964
Weak password derivation for export in Devolutions Remote Desktop Manager before 2022.1 allows information disclosure via a password brute-force attack. An error caused base64 to be decoded...
NLnet Labs Routinator Security Vulnerability
NLnet Labs Routinator is an RPKI (Resource Public Key Infrastructure) validator from NLnet Labs in the Netherlands, written in the Rust language. A security vulnerability exists in NLnet Labs Routinator versions 0.9.0 through 0.11.2, which stems from an error in error handling, where data in RRDP...
Malicious Package
Overview: raw-tool is a malicious package. Looking into the setup.py function: (1) it tries to access the host at TCP port 35019; (2) it downloads all the files from the host; (3) it base64 decodes, decompresses, and executes. It can allow the attacker full control over the host. Malicious Code: The code...
Pandora FMS 7.0NG.742 Remote Code Execution
Exploit Title: Pandora FMS v7.0NG.742 - Remote Code Execution RCE Authenticated Date: 05/20/2022 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://pandorafms.com/ Software Link:...
Exploit for Unrestricted Upload of File with Dangerous Type in Artica Pandora_Fms
Exploit for CVE-2020-5844 Pandora FMS v7.0NG.742 - Remote Co...
USU Oracle Optimization Command Injection Vulnerability
USU Oracle Optimization is used to improve the performance of Oracle queries. A command injection vulnerability exists in versions of USU Oracle Optimization prior to 5.17.5. The vulnerability stems from the fact that some common OS commands are blocked, but OS commands for base64 decoding are not...
Insecure password handling vulnerability in Strapi
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request. From this, the attacker can get the victim's cookie, base64 decode it, and obtain a cleartext password, leading to...
CVE-2022-29937
USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but for example an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product...
Command injection
USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but for example an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product...
CVE-2022-0150
The WP Accessibility Helper WAH WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue...
Brizy < 2.3.12 - Authenticated File Upload and Path Traversal
Using the brizycreateblockscreenshot AJAX action, it was possible to provide a filename using the id parameter, and populate the file contents via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin appended .jpg to all uploaded filenames, a double extensio...
DEBIAN-CVE-2021-24119
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single...
CVE-2021-24116
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped,...
Trusted Firmware M Security Vulnerability
ARM Trusted Firmware M (TFM) is open source software from ARM UK. It provides a set of highly configurable software components to create a trusted execution environment. A security vulnerability exists in Trusted Firmware Mbed TLS that stems from a side-channel vulnerability in base64 PEM file...
Baidu Rust SGX SDK Security Vulnerability
Baidu Rust SGX SDK is a Rust language development kit for Intel SGX Trusted Computing Platform from Baidu, China. Baidu Rust SGX SDK suffers from a security vulnerability, which originates from a side-channel vulnerability in base64 PEM file decoding in Rust SGX 1.1.3. An attacker can exploit the...
PT-2021-6813 · Arm +4 · Mbed Tls +4
Name of the Vulnerable Software and Affected Versions: Mbed TLS version 2.24.0 Description: A side-channel vulnerability in base64 PEM file decoding exists, allowing system-level attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software...
h1-ctf: [H1-2006 2020] CTF Writeup
Summary: Multiple Vulnerabilities leading to full account takeover and access to restricted functions 1. Information Disclosure 2. Login 2FA Bypass 3. SSRF 4. Hardcoded validation 5. Sensitive information disclosure 6. Privilege Escalation 7. Payments 2FA Bypass through SSRF Steps To Reproduce: 0...
Denial Of Service (DoS)
pidgin is vulnerable to denial of service. Multiple NULL pointer dereference flaws were found in the way Pidgin handled Base64 decoding. A remote attacker could use these flaws to crash Pidgin if the target Pidgin user was using the Yahoo! Messenger Protocol, MSN, MySpace, or Extensible Messaging...