1017 matches found
CVE-2018-18753
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF...
WordPress FV Flowplayer 7.2.0.727 Cross Site Scripting
waraxe-2018-SA107 - Reflected XSS in FV Flowplayer Wordpress plugin. Author: Janek Vind "waraxe". Date: 20. September 2018. Location: Estonia, Tartu. Web: http://www.waraxe.us/advisory-107.html. Target description: FV...
CVE-2016-8617
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via CURLOPT_USERNAME...
Code injection
The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext...
CVE-2016-6545
Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password...
CVE-2016-6546
The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext...
Directory traversal
PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file...
CVE-2018-10327
PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file...
CVE-2018-10327
PrinterOn Enterprise 4.1.3 stores Active Directory bind credentials using base64 encoding in cps_config.xml, allowing a local user to read credentials for a domain user. Affected: PrinterOn Enterprise 4.1.3; root cause: credentials are stored in base64 (not encrypted). Impact: potential credentia...
The Catch 22 of Base64: Attacker Dilemma from a Defender Point of View
Web application threats come in different shapes and sizes. These threats mostly stem from web application vulnerabilities, published daily by the vendors themselves or by third-party researchers, followed by vigilant attackers exploiting them. To cover their tracks and increase their attack...
Drupal 7.58 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution
Drupal 7.58 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution !/usr/bin/env ruby CVE-2018-7600 Drupal &1' ; " bashcmd = "echo " + Base64.strictencode64bashcmd + " | base64 -d" Function httprequest type data def...
CVE-2018-8947
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request...
Design/Logic Flaw
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request...
CVE-2018-8947
The CVE-2018-8947 entry applies to rap2hpoutre Laravel Log Viewer prior to v0.13.0. The vulnerability stems from using Base64 encoding for the l, dl, and del requests, which allows remote attackers to bypass access restrictions and read arbitrary files via the dl endpoint. Impact is a local file ...
CVE-2018-7482
The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1../configuration.php&download=1 request. The specific pathname ../configuration.php should b...