1017 matches found
Directory traversal
DISPUTED The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1../configuration.php&download=1 request. The specific pathname ../configuration.php...
NAT32 2.2 Build 22284 - Remote Command Execution Vulnerability
Exploit for windows platform in category web applications + Credits: hyp3rlinx Vendor: ============= www.nat32.com Product: ================= NAT32 Build 22284 NAT32 is a versatile IP Router implemented as a WIN32 application. Vulnerability Type: =================== Remote Command Execution CVE...
SQLmap Tamper-API - SQLMap Tamper API To Accept Tamper Scripts From All Languages
It's an API for SQLmap tamper scripts allows you to use your favorite programming language to write your tamper scripts. This API solves SQLmap limitation of accepting only python to write tamper scripts. How it works taper-api.py script sends the payload and kwargs in a JSON format "payload": ""...
DOC+ mobile clinic - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application DOC+ mobile clinic published at the 'play' market has multiple vulnerabilities...
rust-base64 buffer error vulnerability
rust-base64 is a Base64 encoding tool for the Rust language. A buffer overflow vulnerability exists in rust-base64 version 0.5.1 and earlier. An attacker can exploit this vulnerability to cause memory corruption and possibly execute arbitrary code...
Updated curl packages fix security vulnerability
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. The issue pertains to the function that loads cookies into memory, which reads the specified file...
CVE-2017-1000430
rust-base64 version = 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffer to use when encoding base64 using the 'encodeconfigbuf' and 'encodeconfig' functions...
CVE-2017-1000430
rust-base64 version = 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffer to use when encoding base64 using the 'encodeconfigbuf' and 'encodeconfig' functions...
CVE-2017-3192
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The toolsadmin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page potentially through a...
CVE-2017-3192
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The toolsadmin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page potentially through a...
Authentication flaw
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The toolsadmin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page potentially through a...
CVE-2017-3192
The CVE-2017-3192 issue affects D-Link DIR-130 (firmware 1.23) and DIR-330 (firmware 1.12). Public details confirm an authentication-related flaw where the tools_admin.asp page transmits the administrator password in base64, allowing a remote attacker with access to that page to potentially obtai...
CVE-2017-3192
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The toolsadmin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page potentially through a...
PT-2017-15702 · D Link · D-Link Dir-330 +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-130 version 1.23 D-Link DIR-330 version 1.12 Description: The issue concerns insufficient protection of administrator credentials. Specifically, the tools admin.asp page returns the administrator password in base64 encoding, allowi...
Schneider Electric Pelco VideoXpert Missing Encryption Of Sensitive Information
Summary VideoXpert is a video management solution designed for scalability, fitting the needs surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. Description The software transmits...
Command Shell, Bind TCP (via python)
Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+. module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include Msf::Payload::Python include Msf::Sessions::CommandShellOptions def initializeinfo =...
HBGK DVR 3.0.0 Build 20161206 Authentication Bypass Vulnerability
Exploit for hardware platform in category web applications Exploit Title: HBGK DVR V3.0.0 build20161206 - Authentication Bypass Date: 24-09-2017 Vendor Homepage: http://www.hbgk.net/en/ Exploit Author: RAT - ThiefKing Contact: https://www.facebook.com/cctvsuperpassword Website: http://tromcap.com...
Oracle 9i XDB 9.2.01 HTTP PASS Buffer Overflow Exploit
Oracle 9i XDB version 9.2.0.1 HTTP PASS buffer overflow exploit. Exploit Title:Oracle 9i XDB HTTP PASS Buffer Overflow Date: 09/25/2017 Exploit Author: Charles Dardaman Twitter: https://twitter.com/CharlesDardaman Website: http://www.dardaman.com Version:9.2.0.1 Tested on: Windows 2000 SP4 CVE:...
UC Browser - Fast Download Private & Secure - Base64 encoded String, Customized SSL, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application UC Browser - Fast Download Private & Secure published at the 'play' market has multiple vulnerabilities...
The vulnerability of the Network Security Services library allows a perpetrator to cause a service failure or exert other effects.
The vulnerability of the Network Security Services library lies in the writing beyond the buffer boundaries in memory. This vulnerability arises due to incorrect decoding of Base64-encoded data. Exploiting this vulnerability can allow a malicious actor to cause service failures or other effects b...