
1022 matches found

NVD
added 2019/07/02 9:15 p.m. | 30 views

CVE-2017-8417

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device requires that a user logging into the device provide a username and password. However, the device allows D-Link apps on the mobile devices and desktop to communicate with the device without any authentication. As a part o...

CVSS 8.8 | AI score 8.9 | EPSS 0.06228
Exploits: 1 | References: 3

NVD
added 2019/07/02 9:15 p.m. | 9 views

CVE-2017-8413

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile applications and...

CVSS 8.8 | AI score 9 | EPSS 0.01761
Exploits: 0 | References: 3

Prion
added 2019/07/02 9:15 p.m. | 14 views

Authentication flaw

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device requires that a user logging into the device provide a username and password. However, the device allows D-Link apps on the mobile devices and desktop to communicate with the device without any authentication. As a part o...

CVSS 3.3 | AI score 8.8 | EPSS 0.06228
Exploits: 1 | References: 3

Prion
added 2019/07/02 9:15 p.m. | 19 views

Design/Logic Flaw

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile applications and...

CVSS 8.3 | AI score 8.9 | EPSS 0.01761
Exploits: 0 | References: 3

CVE
added 2019/07/02 8:19 p.m. | 175 views

CVE-2017-8413

Summary: CVE-2017-8413 affects D-Link DCS-1100 and DCS-1130 network cameras. A custom UDP-based discovery daemon (port 5978, named dldps2121) processes broadcast packets. If a packet with type S (0x53) is received, the base64-encoded parameter C is decoded and passed to a system API, enabling com...

CVSS 8.8 | AI score 8.9 | EPSS 0.01761
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2019/07/02 8:3 p.m. | 175 views

CVE-2017-8417

Affected products: D-Link DCS-1100 and DCS-1130 network cameras. Vulnerability: An authentication bypass allows a third party to retrieve the device password without user credentials by abusing a custom base64-encoded communication channel between D-Link apps and the device, exploitable via sendi...

CVSS 8.8 | AI score 8.8 | EPSS 0.06228
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2019/07/02 8:3 p.m. | 22 views

CVE-2017-8417

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device requires that a user logging into the device provide a username and password. However, the device allows D-Link apps on the mobile devices and desktop to communicate with the device without any authentication. As a part o...

AI score 8.9 | EPSS 0.06228
Exploits: 1 | References: 3

Hacker One
added 2019/06/22 10:59 p.m. | 19 views

New Relic: Stored XSS via "my recent queries" selector in NRQL dashboard builder

This is a pretty simple one. Within NR One, there is a stored XSS via the dashboard builder. It appears in the "My recent queries" dropdown. You can attack other users with this bug by having them navigate to the link, I'll show an example below. Steps to Reproduce: 1. From NR1, navigate to the...

AI score 2.1
Exploits: 0

0day.today
added 2019/06/20 12:0 a.m. | 316 views

WebERP 4.15 - SQL injection Exploit

Exploit for php platform in category web applications Exploit Title: Blind SQL injection in WebERP. Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: http://www.weberp.org/ Version: 4.15 A malicious query can be sent in base64 encoding to unseriali...

Exploits: 0

Exploit DB
added 2019/06/20 12:0 a.m. | 222 views

WebERP 4.15 - SQL injection

Exploit Title: Blind SQL injection in WebERP. Date: June 10, 2019 Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: http://www.weberp.org/ Version: 4.15 A malicious query can be sent in base64 encoding to unserialize function. It can be deserialize...

AI score 7.4
Exploits: 0

OSV
added 2019/06/19 3:15 p.m. | 2 views

CVE-2019-6972

An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding and base64, leading to easy decoding. Also, the...

CVSS 7.5 | AI score 7.1
Exploits: 0 | References: 2

exploitpack
added 2019/06/13 12:0 a.m. | 23 views

Sitecore 8.x - Deserialization Remote Code Execution

Sitecore 8.x - Deserialization Remote Code Execution Exploit Title: Sitecore v 8.x Deserialization RCE Date: Reported to vendor October 2018, fix released April 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.sitecore.com/ Software Link: Sitecore downloads:...

CVSS 9 | EPSS 0.4053
Exploits: 5

Packet Storm
added 2019/06/05 12:0 a.m. | 460 views

Zimbra XML Injection / Server-Side Request Forgery

coding=utf8 import requests import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disablewarningsInsecureRequestWarning baseurl=sys.argv1 baseurl=baseurl.rstrip"/" upload file name and content modify by k8gege Connect "shell.jsp" using K8fly...

CVSS 5 | AI score 0.9 | EPSS 0.94113
Exploits: 10

Cvelist
added 2019/06/03 6:59 p.m. | 10 views

CVE-2019-12310

ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including...

AI score 9.5 | EPSS 0.01171
Exploits: 1 | References: 2

CVE
added 2019/05/22 6:12 p.m. | 46 views

CVE-2019-5627

CVE-2019-5627 concerns the iOS app BlueCats Reveal prior to version 5.14, which stores the user credentials in the app cache as base64-encoded strings (clear text). These credentials persist after logout, enabling local attackers with physical device access or a compromised app to potentially com...

CVSS 7.8 | AI score 5.4 | EPSS 0.00057
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2019/05/22 6:12 p.m. | 9 views

CVE-2019-5627 BlueCats Reveal iOS App Insecure Storage

The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs out. This can allow an attacker to compromise the affected BlueCats network implementation. The...

CVSS 2.8 | AI score 7.4 | EPSS 0.00057
Exploits: 1 | References: 2

Veracode
added 2019/05/02 4:55 a.m. | 18 views

Information Disclosure

Jenkins is vulnerable to information disclosure. The vulnerability exists as Jenkins stores credentials using base64 encoding...

CVSS 2.1 | AI score 5.7 | EPSS 0.01968
Exploits: 7 | References: 28 | Affected Software: 3

Packet Storm
added 2019/04/05 12:0 a.m. | 46 views

Arris Touchstone TG1672 Credential Disclosure

Title: Arris Touchstone TG1672 Administrative Login Vulnerabilities Product: Arris Touchstone TG1672 Version: TS0901103AS09221616XX.GWSIP most likely other versions...

AI score 7.4
Exploits: 0

Github Security Blog
added 2019/03/14 3:38 p.m. | 19 views

Cross-Site Scripting in editor.md

All versions of editor.md are vulnerable to Cross-Site Scripting. User input is insufficiently sanitized, allowing attackers to inject malicious code in payloads containing base64-encoded content. Recommendation No fix is currently available. Consider using an alternative module until a fix is ma...

CVSS 6.1 | AI score 4.7 | EPSS 0.0024
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2019/02/08 5:0 p.m. | 32 views

CVE-2019-7648

CVE-2019-7648 affects Hotels_Server up to 2018-11-05, where controller/fetchpwd.php and controller/doAction.php rely on base64 to protect passwords. The impact is described as insufficient confidentiality protection (base64 is not a crypto safeguard), with CVSSv3 vector: NETWORK, LOW attack compl...

CVSS 7.5 | AI score 7.6 | EPSS 0.00148
Exploits: 1 | References: 1 | Affected Software: 1