Fedora 38 : grpc (2023-15b3e80753)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-15b3e80753 advisory. Security fix for CVE-2023-32732 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
CVE-2023-3684
A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/de_DE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack ma...
Open redirect
A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/de_DE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack ma...
CVE-2023-3684 LivelyWorks Articart Base64 Encoding de_DE redirect
A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/de_DE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack ma...
CVE-2023-3684
CVE-2023-3684 affects LivelyWorks Articart 2.0.1, specifically the Base64 Encoding Handler’s file at /change-language/de_DE. The vulnerability arises from manipulating the redirectTo argument, causing an open redirect that could be exploited remotely. Several sources corroborate this issue, with ...
PT-2023-25723 · Livelyworks · Livelyworks Articart
Name of the Vulnerable Software and Affected Versions: LivelyWorks Articart version 2.0.1 Description: A problematic issue was found in the Base64 Encoding Handler component, specifically affecting some unknown functionality of the file /change-language/de_DE. The manipulation of the redirectTo...
LivelyWorks Articart input validation error vulnerability
LivelyWorks Articart is an application from LivelyWorks, Inc. An input validation error vulnerability exists in LivelyWorks Articart version 2.0.1, which stems from the presence of an unknown function in the file /change-language/de_DE in the component Base64 Encoding Handler, which causes a...
CVE-2023-2003
Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device...
Connection Termination
gRPC is vulnerable to Connection Termination. An attacker can terminate the connection between an HTTP2 proxy and the gRPC server by providing -bin suffixed headers, which leads to a base64 encoding error, causing an application crash...
gRPC connection termination issue
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...
Exploit for Path Traversal in Std42 Elfinder
CVE-2023-35840 elFinder 2.1.62 - Path Traversal vulnerabilit...
CVE-2023-32732
A flaw was found in gRPC, which is vulnerable to a denial of service, caused by a base64 encoding error for "-bin" suffixed headers. By sending a specially crafted request, a remote attacker can cause a termination of the connection between an HTTP2 proxy and a gRPC server, resulting in a denial ...
Design/Logic Flaw
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...
CVE-2023-32732
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...
CVE-2023-32732
CVE-2023-32732: gRPC vulnerability where a base64 encoding error for -bin suffixed headers can cause the gRPC server to terminate a connection with an HTTP/2 proxy, potentially affecting availability (LOW). Root cause described as a header encoding mishap that proxies may still allow, with remedi...
CVE-2023-32732 Denial-of-Service in gRPC
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...
gRPC security vulnerability
gRPC is a modern, open-source, high-performance Remote Procedure Call (RPC) framework from gRPC Open Source. A security vulnerability exists in gRPC that stems from a base64 encoding error in the -bin suffix header that causes the gRPC server to disconnect...
Microsoft Windows PowerShell Remote Command Execution Exploit
This python script mints a .ps1 file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell. This is an updated exploit to work with Python3. from base64 import b64encode import argparse,sys,os PSTrojanFile.py By hyp3rlinx c 2023 ApparitionSec...