1016 matches found
CVE-2024-52292
Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function...
FFmpeg Security Vulnerability
FFmpeg is a complete solution for recording, converting, and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg that originates from an insecure file extension check that can be bypassed to trigger an arbitrary demultiplexer by appending a base64-encoded dat...
CVE-2024-46341
TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack...
PT-2024-31966 · Tp Link · Tp-Link Tl-Wr845N
Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR845NUN version V4 190219 Description: The issue concerns the transmission of credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack. This allows the attacker to obtain...
CVE-2024-46341
The CVE-2024-46341 entry concerns TP-Link TL-WR845N(UN)_V4_190219, where credentials are transmitted in base64-encoded form. Multiple connected sources corroborate that this weak encoding can be decoded by an attacker performing a man-in-the-middle attack, exposing sensitive information. The avai...
CVE-2024-6515
Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentials exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...
CVE-2024-6515 unauthorized file access
Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentials exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...
The vulnerability of the str_base64_encode_rfc2047() function in the Zabbix universal monitoring system allows an attacker to trigger a service failure.
The vulnerability of the str_base64_encode_rfc2047() function in the Zabbix universal monitoring system is related to the operation exceeding the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Python Execute Command
Execute an arbitrary OS command. Compatible with Python 2.7 and 3.4+. Module Options msf use payload/python/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run module MetasploitModule CachedSize =...
CVE-2023-25581 Deserialization of untrusted data in InternalAttributeHandler in pac4j
pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...
Advantech ADAM-5550 Information Disclosure Vulnerability
Advantech ADAM-5550 is a programmable automation controller from Advantech, China. The Advantech ADAM-5550 suffers from an information disclosure vulnerability due to a flaw in base64 encoding for sharing user credentials. An attacker can exploit this vulnerability to obtain credential informatio...
Advantech ADAM-5550 Security Vulnerability
Advantech ADAM-5550 is a programmable automation controller from Advantech, China. The Advantech ADAM-5550 suffers from an information disclosure vulnerability due to a flaw in base64 encoding for sharing user credentials. An attacker can exploit this vulnerability to obtain credential informatio...
Python Developers Targeted with Malware During Fake Job Interviews
Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article: These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign agains...
Syncovery For Linux Web-GUI Session Token Brute-Forcer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'date' require 'json' require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/syncoveryfilesyncbackup'...
Exploit for Code Injection in Geoserver
CVE-2024-36401-PoC This repository contains a Proof of Conce...
OneDrive Pastejacking
OneDrive Pastejacking: The crafty phishing and downloader campaign By Rafael Pena · July 29, 2024 Over the past few weeks, the Trellix Advanced Research Center has observed a sophisticated Phishing/downloader campaign targeting Microsoft OneDrive users. This campaign heavily relies on social...