2007 matches found
CVE-2025-31139
JetBrains TeamCity prior to 2025.03 exposes base64 encoded passwords in build logs (CVE-2025-31139). Affects JetBrains TeamCity (CI/CD server); vulnerability arises from passwords being logged in base64 form. Impact: potential credential exposure. Mitigation: upgrade to version 2025.03 or later o...
CVE-2024-10190
Horovod CVE-2024-10190 affects v0.28.1 and earlier. The vulnerability is due to ElasticRendezvousHandler.do_PUT/_put_value decoding base64 data and ultimately calling cloudpickle.loads, enabling an unauthenticated attacker to supply a malicious pickle object via a PUT request and achieve arbitrar...
Linux Distros Unpatched Vulnerability : CVE-2012-3359
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the ac session cookie, which allows attackers to gain privileges by...
SonicWALL NSv Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL NSv. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Base64-encoded session cookies. The issue results from an incorrect...
CVE-2023-6601
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions...
CVE-2023-6601
CVE-2023-6601 is a vulnerability in FFmpeg’s HLS demuxer that enables bypassing unsafe file extension checks and triggering arbitrary demuxers via base64 data URIs with specific extensions. Public details in the provided connected advisories attribute the issue to FFmpeg and acknowledge fixes in ...
CVE-2024-11717
Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to...
U.S. Dept Of Defense: Secret Access Key of AWS Firehose Disclosure
The domain had an endpoint that contained the secret access key of an AWS Firehose delivery stream encoded in base64. The secret access key was disclosed, allowing the record to be put into the Firehose delivery stream...
Arbitrary File Read
craftcms/cms is vulnerable to arbitrary file read. The vulnerability is due to the exploitation of the dataUrl function, which allows attackers with write permissions on system notification templates to embed and exfiltrate Base64-encoded file content via triggered email notifications...
CVE-2024-52292
CVE-2024-52292 affects Craft CMS. The dataUrl function can exfiltrate the contents of arbitrary server files when an attacker has write permissions on system notification templates and can trigger a system email. By embedding a path to a sensitive file, the Base64-encoded content is sent via an e...
Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro. "In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining...
Exploit for CVE-2023-25581
This Python script demonstrates the exploitation of the CVE-2023...
CVE-2024-45414
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checki...
3DSecure 2.0 3DS Authorization Method Cross Site Scripting
Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Authorization Method Tested Versions: 3DSecure 2.0 3DS Authorization Method Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solution...
3DSecure 2.0 3DS Method Authentication Cross Site Scripting
Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Method Authentication Tested Versions: 3DSecure 2.0 3DS Method Authentication Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solutio...
MAL-2024-8726 Malicious code in invokehttp (PyPI)
The init.py contains a call to execute a Base64-encoded script to download a second stage payload. --- -= Per source details. Do not edit below this line.=- Source: kam193 e3374942a3d2de4ea1f9444223c351c0ef5356c571a08e8ddb62144f7564def0 In the invokehttp, the init.py contains obfuscated code...
APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure
A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. "The campaign likely targeted diplomats and began as early as March 2024," Palo Alto Networks Unit 42 said in a report published...
CVE-2024-32981 - XSS Vulnerability with text/html base64-encoded payload
More info at https://www.silverstripe.org/download/security-releases/cve-2024-32981...
CVE-2024-39459
A vulnerability was found in the Jenkins Plain Credentials Plugin, which stores secret file credentials unencrypted only Base64 encoded on the Jenkins controller file system. Users with access to the Jenkins controller file system global credentials or with Item/Extended Read permission...
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
When creating secret file credentials Plain Credentials Plugin 182.v468b97b9dcb8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret. In rare cases the file content matches the expected format of an encrypted secret, and the file content wil...