apr-util: out-of-bounds writes in the apr_base64
A flaw was found in the Apache Portable Runtime Utility APR-util library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions...
CVE-2023-27640
An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files...
Open redirect
An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files...
PT-2023-21276 · Prestashop · Tshirtecommerce
Name of the Vulnerable Software and Affected Versions: tshirtecommerce aka Custom Product Designer component version 2.1.4 for PrestaShop Description: An issue allows a remote attacker to forge an HTTP request with the POST parameter type in the "/tshirtecommerce/fonts.php" endpoint, enabling...
CVE-2021-46888
An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting XSS vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...
Cross site scripting
An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting XSS vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...
hledger cross-site scripting vulnerability
hledger is HLEDGER's open-source, powerful, fast and intuitive plain text accounting tool with CLI, TUI and Web interfaces. A security vulnerability exists in hledger versions prior to 1.23 that stems from a problem in toBloodhoundJson that allows an attacker to execute JavaScript by encoding...
PT-2023-4872
Name of the Vulnerable Software and Affected Versions: gRPC (affected versions not specified) Description: The issue is related to a base64 encoding error for -bin suffixed headers, which can cause a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. This can be exploited by...
TigerGraph security vulnerability
TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community, enabling real-time big data graph applications. A security vulnerability exists in TigerGraph Enterprise Free Edition 3.x series versions that stems from the fact that all...
CVE-2023-22949
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That...
Command Shell, Reverse SCTP (via python)
Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. Module Options msf use payload/python/shellreversesctp msf payloadshellreversesctp show actions ...actions... msf payloadshellreversesctp set ACTION msf payloadshellreversesctp show...
Rukovoditel 3.3.1 Remote Code Execution
Exploit Title: Rukovoditel 3.3.1 - Remote Code Execution RCE Version: 3.3.1 Bugs: rce via jpeg file upload Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 12-03-2023 Author: Mirabbas Ağalarov Tested on: Linux 2...
Exploit for Untrusted Search Path in Softexpert Excellence_Suite
Remote Code Execution in SoftExpert Excellence Suite 2.0 - CVE...
Shining Light on Dark Power: Yet Another Ransomware Gang
Shining Light on Dark Power: Yet Another Ransomware Gang By Pham Duy Phuc and Tomer Shloman · March 23, 2023 This blog was also written by Max Kersten Another day, another ransomware gang. The Dark Power ransomware gang is new on the block, and is trying to make a name for itself. This blog dives...