Lucene search
K

124 matches found

OSV
OSV
added 2022/02/28 9:15 a.m.4 views

CVE-2022-0150

The WP Accessibility Helper WAH WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS5.8AI score0.01718EPSS
Exploits2References2
Veracode
Veracode
added 2020/08/18 3:2 a.m.48 views

Authentication Bypass

shiro-web is vulnerable to authentication bypass. An ArrayIndexOutOfBoundsException in Base64decode causes an invalid session cookie to be parsed as valid...

7.5CVSS4.2AI score0.48019EPSS
Exploits3References33Affected Software2
Malwarebytes
Malwarebytes
added 2020/06/17 5:30 p.m.24 views

Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature

This blog post was authored by Hossein Jazi and Jérôme Segura On June 10, we found a malicious Word document disguised as a resume that uses template injection to drop a .Net Loader. This is the first part of a multi-stage attack that we believe is associated to an APT attack. In the last stage,...

8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/04/28 4:8 p.m.5 views

php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpcdecode can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64decodexmlrpc in ext/xmlrpc/libxmlrpc/base64.c...

7.5CVSS7.4AI score0.0712EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/03/31 7:36 p.m.7 views

php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpcdecode can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64decodexmlrpc in ext/xmlrpc/libxmlrpc/base64.c...

7.5CVSS7.4AI score0.0712EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2019/10/16 12:0 a.m.182 views

Tomedo Server 1.7.3 Information Disclosure / Weak Cryptography

Affected software: Tomedo Server 1.7.3 Vulnerability type: Cleartext Transmission of Sensitive Information & Weak Cryptography for Passwords Vulnerable version: Tomedo Server 1.7.3 Vulnerable component: Customer Tomedo Server that communicates with Vendor Tomedo Update Server Vendor report...

9.7AI score0.01836EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2019/08/19 8:42 a.m.4 views

php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpcdecode can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64decodexmlrpc in ext/xmlrpc/libxmlrpc/base64.c...

7.5CVSS7.4AI score0.0712EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.21 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : cockpit Vulnerability (NS-SA-2019-0066)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has cockpit packages installed that are affected by a vulnerability: - It was found that cockpit used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could sen...

7.5CVSS7.2AI score0.04858EPSS
Exploits0References2
wpexploit
wpexploit
added 2019/05/18 12:0 a.m.10 views

Newsletter Manager < 1.5 - Unauthenticated Open Redirect

The plugin used base64 encoded user input in the appurl parameter without validation, to redirect users using the header PHP function, leading to an open redirect issue In the file '/newsletter-manager/confirmation.php': 33: $xyzemurl = base64decode$GET'appurl'; ... 179:...

0.5AI score
Exploits0References1
OSV
OSV
added 2019/03/26 6:29 p.m.3 views

DEBIAN-CVE-2019-3804

It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash...

7.5CVSS6.8AI score0.04858EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2019/03/26 12:0 a.m.23 views

CVE-2019-3804

It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash...

7.5CVSS7.4AI score0.04858EPSS
Exploits0
OSV
OSV
added 2019/02/22 12:0 a.m.7 views

UBUNTU-CVE-2019-9024

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpcdecode can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64decodexmlrpc in ext/xmlrpc/libxmlrpc/base64.c...

7.5CVSS6.8AI score0.0712EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.21 views

lighttpd < 1.4.30 base64_decode Function Out-of-Bounds Read Error DoS

According to its banner, the version of lighttpd running on the remote host is prior to 1.4.30. It is, therefore, affected by a denial of service vulnerability. The HTTP server allows out-of-bounds values to be decoded during the auth process and later uses these values as offsets. Using negative...

5CVSS7.2AI score0.23076EPSS
Exploits8References4
Tenable Nessus
Tenable Nessus
added 2018/07/20 12:0 a.m.43 views

FreeBSD : mutt/neomutt -- multiple vulnerabilities (fe12ef83-8b47-11e8-96cc-001a4a7ec6be)

NeoMutt report : DescriptionCVE-2018-14349 NO Response Heap Overflow CVE-2018-14350 INTERNALDATE Stack Overflow CVE-2018-14351 STATUS Literal Length relative write CVE-2018-14352 imapquotestring off-by-one stack overflow CVE-2018-14353 imapquotestring int underflow CVE-2018-14354 imapsubscribe...

9.8CVSS7.4AI score0.06229EPSS
Exploits0References17
The Hacker News
The Hacker News
added 2018/06/20 7:22 a.m.62 views

Magento Hackers Using Simple Evasion Trick to Reinfect Sites With Malware

Security researchers have been warning of a new trick that cybercriminals are leveraging to hide their malicious code designed to re-introduce the infection to steal confidential information from Magento based online e-commerce websites. So, if you have already cleaned up your hacked Magento...

7.5AI score
Exploits0
0day.today
0day.today
added 2017/03/04 12:0 a.m.25 views

WordPress Simple Ads Manager 2.9.8.125 PHP Object Injection Vulnerability

Exploit for php platform in category web applications ------------------------------------------------------------------------ Simple Ads Manager WordPress plugin unauthenticated PHP Object injection vulnerability ------------------------------------------------------------------------ Yorick...

7.1AI score
Exploits0
OSV
OSV
added 2017/01/11 4:59 p.m.0 views

DEBIAN-CVE-2017-5209

The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service buffer over-read via split encoded Apple Property List data...

9.1CVSS6.5AI score0.02851EPSS
Exploits0References1
OSV
OSV
added 2017/01/11 4:59 p.m.3 views

UBUNTU-CVE-2017-5209

The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service buffer over-read via split encoded Apple Property List data...

9.1CVSS7.3AI score0.02851EPSS
Exploits0References2
CNVD
CNVD
added 2016/10/17 12:0 a.m.4 views

An SQL injection vulnerability exists in the DBSHOP_0.9.3_Beta getQuery() function.

DBShop is an open source e-commerce online store system developed using endFramework. DBSHOP0.9.3Beta suffers from SQL injection vulnerability. Due to the /DBSHOP/module/Shopfront/src/Shopfront/Controller/GoodslistController.php at indexAction first through getQuery to get all the parameters,...

7.8AI score
Exploits0References1
Hacker One
Hacker One
added 2016/08/17 7:9 a.m.22 views

Internet Bug Bounty: integer overflow in base64_decode caused heap corruption

Please check: https://bugs.php.net/bug.php?id=72836...

6.9AI score
Exploits0
Rows per page
Query Builder