19 matches found
CVE-2018-18753
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF...
EUVD-2010-1346
Malware in sbrugna...
CVE-2024-10190
Horovod CVE-2024-10190 affects v0.28.1 and earlier. The vulnerability is due to ElasticRendezvousHandler.do_PUT/_put_value decoding base64 data and ultimately calling cloudpickle.loads, enabling an unauthenticated attacker to supply a malicious pickle object via a PUT request and achieve arbitrar...
CVE-2023-6601
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...
PT-2024-15022 · FFmpeg +1 · Ffmpeg +1
Name of the Vulnerable Software and Affected Versions: FFmpeg (affected versions not specified). Description: A flaw was found in FFmpeg's HLS demuxer, allowing bypassing of unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file...
Server-side request forgery (SSRF)
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF...
Exploiting Blind Java Deserialization with Burp and Ysoserial
While performing a web application penetration test, I stumbled upon a parameter with some base64 encoded data within a POST parameter. Curious as to what it was, I sent it over to Burp decoder...
Security Bulletin: TS3000 (TSSC/IMC) is affected by OpenSSL vulnerabilities
Summary: The Total Storage System Console/TS4500 Integrated Management Console is affected by seven security vulnerabilities related to OpenSSL. Vulnerability Details: CVEID: CVE-2015-0209. DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a...
Design/Logic Flaw
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" tags, this may include link targets with base64 encoded "data" references. Malicious script code c...
5.000 Sprüche, Witze & Zitate - Base64 encoded String, External URLs, SD-card access vulnerabilities
HackApp vulnerability scanner discovered that application 5.000 Sprüche, Witze & Zitate published at the 'play' market has multiple vulnerabilities...
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2537-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2537-1 advisory. It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to...
Ubuntu: Security Advisory (USN-2537-1)
The remote host is missing an update for the...
USN-2537-1: OpenSSL vulnerabilities
It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. CVE-2015-0209 Stephen Henson discovered that OpenSSL incorrectly handled...
Heap overflow
Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data...
CVE-2010-1317
RealNetworks Helix Server NTLM Authentication vulnerability (CVE-2010-1317) exists in the Base64 NTLM handling of the administrative web interface. The flaw arises when an invalid Base64 string is provided in the Authorization header, where a length derived from the failed decoding is used in a c...
Buffer overflow
Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2) an NTLM authentication request with malformed...
CVE-2008-5911
Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2) an NTLM authentication request with malformed...
SQL injection
SQL injection vulnerability in the abgetadmin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie...
Integer overflow
Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow...