1016 matches found
Netis MW5360 Remote Command Execution Exploit
The Netis MW5360 router has a command injection vulnerability via the password parameter on the login page. The vulnerability stems from improper handling of the "password" parameter within the router's web interface. The router's login page authorization can be bypassed by simply deleting the...
[SECURITY] Fedora 39 Update: rust-uu_base64-0.0.23-3.fc39
Base64 uutils decode/encode input base64-encoding...
From trust to trickery: Brand impersonation over the email attack vector
Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. Talos has discovered a wide range of techniques threat actors use to embed and deliver brand logos via emails to their victims. Talos is providing n...
PT-2024-40772 · Git +1 · Pjsip
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of "Use-of-uninitialized-value" as reported by OSS-Fuzz. The crash occurs in the encode base64 differential function...
Exploit for Improper Input Validation in Paloaltonetworks Pan-Os
CVE-2024-3400 RCE Test Script Overview This Python script...
PT-2024-40907 · Rsa · Rsa
Name of the Vulnerable Software and Affected Versions: rsa affected versions not specified Description: The issue concerns potential side-channel attacks due to non-constant time operations, including arithmetic and Base64 encoding. Recommendations: At the moment, there is no information about a...
OpenZeppelin 安全漏洞
OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts versions prior to 5.0.2 and prior to 4.9.6, which stems from the fact that the last iteration of the Base64.encode function can read portions of memory...
openSUSE: Security Advisory for apr (SUSE-SU-2023:0389-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
Impact The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. Although the encode function pads the output for these cases, up to 4 bits o...
GHSA-9VX6-7XXF-X967 OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
Impact The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. Although the encode function pads the output for these cases, up to 4 bits o...
CVE-2024-27094 OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...
CVE-2024-27094 OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
OpenZeppelin Contracts is a library for secure smart contract development. The Base64.encode function encodes a bytes input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The...
Base64 Command Encoder
This encoder uses base64 encoding to avoid bad characters. Module Options msf use encoder/cmd/base64 msf encoderbase64 show actions ...actions... msf encoderbase64 set ACTION msf encoderbase64 show options ...show and set options... msf encoderbase64 run This module requires Metasploit:...
CVE-2023-6944
A flaw was found in the Red Hat Developer Hub RHDH. The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...
CVE-2023-45878
GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubricsvisualisesaveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set...
Commander - A Command And Control (C2) Server
Commander is a command and control framework C2 written in Python, Flask and SQLite. It comes with two agents written in Python and C. Under Continuous Development Not script-kiddie friendly Features Fully encrypted communication TLS Multiple Agents Obfuscation Interactive Sessions Scalable Base6...
Atcom 2.7.x.x - Authenticated Command Injection
Exploit Title: Atcom 2.7.x.x - Authenticated Command Injection Google Dork: N/A Date: 07/09/2023 Exploit Author: Mohammed Adel Vendor Homepage: https://www.atcom.cn/ Software Link: https://www.atcom.cn/html/yingwenban/Product/FastIPphone/2017/1023/135.html Version: All versions above 2.7.x.x Test...
Exploit for CVE-2023-38646
CVE-2023-38646 The original script originates from securezer...
Amazon Linux 2023 : grpc, grpc-cpp, grpc-data (ALAS2023-2023-282)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-282 advisory. 2023-10-12: CVE-2023-4785 was added to this advisory. When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table...
Maltrail 0.53 Remote Code Execution
Exploit Title: Maltrail v0.53 - Unauthenticated Remote Code Execution RCE Exploit Author: Iyaad Luqman K init6 Application: Maltrail v0.53 Tested on: Ubuntu 22.04 CVE: CVE-2023-27163 PoC import sys; import os; import base64; def main: listeningIP = None listeningPORT = None targetURL = None if...