300 matches found

Kitploit
added 2020/04/07 12:0 p.m. · 302 views

Git-Hound v1.1 - GitHound Pinpoints Exposed API Keys On GitHub Using Pattern Matching, Commit History Searching, And A Unique Result Scoring System

A batch-catching, pattern-matching, patch-attacking secret snatcher. GitHound pinpoints exposed API keys and other sensitive information on GitHub using pattern matching, commit history searching, and a unique result scoring system. GitHound has earned me over $7500 applied to Bug Bounty research...

7.4 AI score
Exploits: 0 · References: 5

Prion
added 2020/03/26 5:15 p.m. · 17 views

Stack overflow

A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3)...

7.5 CVSS · 9.8 AI score · 0.03983 EPSS
Exploits: 1 · References: 2 · Affected Software: 3

Cvelist
added 2020/03/26 4:4 p.m. · 16 views

CVE-2020-10825

A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3)...

9.9 AI score · 0.03983 EPSS
Exploits: 1 · References: 2

CNVD
added 2020/03/17 12:0 a.m. · 1 views

Artica Pandora FMS Remote Code Execution Vulnerability (CNVD-2020-19576)

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A remote code execution vulnerability exists in Pandora FMS 7.0 NG. The vulnerability stems from...

7.2 CVSS · 8.6 AI score · 0.30254 EPSS
Exploits: 6 · References: 1

NVD
added 2020/03/16 6:15 p.m. · 47 views

CVE-2020-5844

index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020...

7.2 CVSS · 7 AI score · 0.30254 EPSS
Exploits: 6 · References: 3

Cvelist
added 2020/03/16 5:22 p.m. · 51 views

CVE-2020-5844

index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020...

7 AI score · 0.30254 EPSS
Exploits: 6 · References: 3

CVE
added 2020/03/16 5:22 p.m. · 83 views

CVE-2020-5844

Pandora FMS v7.0 NG (specifically v7.0NG.742_FIX_PERL2020) is affected by CVE-2020-5844. The vulnerability resides at index.php?sec=godmode/extensions&sec2=extensions/files_repo, where authenticated administrators can upload arbitrary PHP scripts and trigger execution by base64-decoding the file ...

7.2 CVSS · 6.9 AI score · 0.30254 EPSS
Exploits: 6 · References: 3 · Affected Software: 1

Positive Technologies
added 2020/03/16 12:0 a.m. · 6 views

PT-2020-18753 · Artica · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS version 7.0NG.742 FIX PERL2020 Description: The issue allows authenticated administrators to upload malicious PHP scripts and execute them via base64 decoding of the file location. This is achieved through the...

7.2 CVSS · 6.9 AI score · 0.30254 EPSS
Exploits: 6 · References: 9

NVD
added 2020/03/04 7:15 p.m. · 24 views

CVE-2020-9476

ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding...

7.5 CVSS · 7.7 AI score · 0.00961 EPSS
Exploits: 0 · References: 2

Prion
added 2020/03/04 7:15 p.m. · 20 views

Design/Logic Flaw

ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding...

5 CVSS · 7.7 AI score · 0.00961 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2020/03/04 6:13 p.m. · 32 views

CVE-2020-9476

ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding...

7.7 AI score · 0.00961 EPSS
Exploits: 0 · References: 2

GithubExploit
added 2020/01/29 11:11 p.m. · 207 views

Exploit for Unrestricted Upload of File with Dangerous Type in Artica Pandora_Fms

CVE-2020-5844 Authenticated RCE in PandoraFMS 7.0-NG 742 A...

7.2 CVSS · 7.1 AI score · 0.30254 EPSS
Exploits: 6

OpenVAS
added 2020/01/23 12:0 a.m. · 26 views

Huawei EulerOS: Security Advisory for nss, nss-util (EulerOS-SA-2017-1075)

The remote host is missing an update for the Huawei EulerOS...

9.8 CVSS · 7.9 AI score · 0.04741 EPSS
Exploits: 0 · References: 2

OpenVAS
added 2020/01/23 12:0 a.m. · 42 views

Huawei EulerOS: Security Advisory for nss, nss-util (EulerOS-SA-2017-1076)

The remote host is missing an update for the Huawei EulerOS...

9.8 CVSS · 7.9 AI score · 0.04741 EPSS
Exploits: 0 · References: 2

Qualys Blog
added 2020/01/17 4:10 p.m. · 57 views

LibMiner: Container-Based Cryptocurrency Miner Targeting Unprotected Redis Servers

Qualys is actively tracking threats which target containers. In our recent analysis, we have identified a few docker instances executing a malware which we term as “LibMiner”. This malware has the capability to deploy and execute Cryptominer. It uses a unique technique for lateral movement across...

0.8 AI score
Exploits: 0

RedhatCVE
added 2019/10/05 10:43 a.m. · 37 views

CVE-2017-5461

An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an...

9.8 CVSS · 5.7 AI score · 0.04741 EPSS
Exploits: 0 · References: 2

IBM Security Bulletins
added 2019/08/13 7:16 p.m. · 43 views

Security Bulletin: IBM MQ Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-5461)

Summary: IBM MQ Appliance has addressed a vulnerability in Network Security Services (NSS). Vulnerability Details: CVEID: CVE-2017-5461. DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write during Base64 decoding operation...

9.8 CVSS · 2.7 AI score · 0.04741 EPSS
Exploits: 0 · Affected Software: 1

Tenable Nessus
added 2019/08/12 12:0 a.m. · 47 views

NewStart CGSL MAIN 4.05 : nss Multiple Vulnerabilities (NS-SA-2019-0105)

The remote NewStart CGSL host, running version MAIN 4.05, has nss packages installed that are affected by multiple vulnerabilities: - An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted...

9.8 CVSS · 8.4 AI score · 0.04741 EPSS
Exploits: 0 · References: 3

Hacker One
added 2019/07/12 3:23 p.m. · 155 views

Internet Bug Bounty: Basic Authentication Heap Overflow

Summary: An attacker can get arbitrary data overflowed in the heap via Basic Authorization base64 blob. Even when basic auth isn't configured. Report sent to developers When calling HttpHeader::getAuth the field value will be base64 decoded. The call to the decode method doesn't ensure that the...

6.8 CVSS · 9.9 AI score · 0.51473 EPSS
Exploits: 0

Cvelist
added 2019/05/28 8:3 p.m. · 21 views

CVE-2018-20008

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console...

6.7 AI score · 0.00291 EPSS
Exploits: 1 · References: 2