6578 matches found
Eudora 6.1.2 attachment spoof
Eudora 6.1.2 for Windows was released on 21 June 2004. The release notes http://www.eudora.com/download/eudora/windows/6.1.2/RelNotes.txt say: SECURITY Fixed case where attachments could be spoofed via base64 encoded plain-text, inline MIME parts. Not so. Harmless demo below. Cheers, Paul Szabo -...
BNBT memory corruption
Memory corruption on incomplete base64 string...
[Full-Disclosure] Icecast 2.0.0 preauth overflow
There exists a remotely exploitable heap overflow in Icecast 2.0.0. The bug exists in the handling of base64 Authorization request. This bug was found in about 40 seconds during a HTTP audit of the web component of Icecast with the fuzzer SMUDGE http://felinemenace.org/nd/SMUDGE/ People complaine...
ServerAlive weak encryption
Passwords are stored in text file in base64 format...
Server Alive week password encryption
Product Description : Servers Alive is an end-to-end network monitor program. Among the many checks it can do: it can monitor any Winsock service, ping a host, check if an NT service/process is running, check the available disk space on a server, retrieve an URL, check your database engine, and...
[waraxe-2004-SA#018 - Admin-level authentication bypass in phpnuke 6.x-7.2]
================================================================================ waraxe-2004-SA018 ================================================================================ Admin-level authentication bypass in phpnuke 6.x-7.2...
[waraxe-2004-SA#017 - User-level authentication bypass in phpnuke 6.x-7.2]
================================================================================ waraxe-2004-SA017 ================================================================================ User-level authentication bypass in phpnuke 6.x-7.2...
CVE-2004-1932
SQL injection vulnerability in 1 auth.php and 2 admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter...
Apache 2.0.45 - APR Crash
Apache 2.0.45 - APR Crash !/usr/bin/perl Apache 2.0.37 - 2.0.45 APR Exploit Written By Matthew Murphy This Perl script will successfully exploit any un-patched Apache 2.x servers. Base64 Encoder If you want authentication with the server via HTTP's lame Basic auth, put the proper string to encode...
Apache 2.0.45 - 'APR' Crash
!/usr/bin/perl Apache 2.0.37 - 2.0.45 APR Exploit Written By Matthew Murphy This Perl script will successfully exploit any un-patched Apache 2.x servers. Base64 Encoder If you want authentication with the server via HTTP's lame Basic auth, put the proper string to encode BASE64 content, and use...
Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
Exploit for linux platform in category remote exploits ====================================================== Apache ; $host =...
W3Mail multiple bugs
delete.cgi invokes external program though system call without escaping shell characters. It's possible to change server configuration without administrator's permissions. All passwords are stored in Base64 encoding...
PHP-Nuke v5.6 - Users can compromise admin accts.
Tested on PHP-Nuke v5.6 with Mozilla on Linux should work on past versions and on most browsers Impact: --------------------------------------------- Allows any user to get admin access to a PHP-Nuke site. Summary: ---------------------------------------------- Due to a XSS flaw in PHPNuke's...
CVE-2002-0670
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing...
CVE-2002-0670
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 uses Base64 encoded usernames and passwords for HTTP basic authentication, which allows remote attackers to steal and easily decode the passwords via sniffing...
CVE-2002-0670
The CVE-2002-0670 issue affects Pingtel xpressa SIP phones (software versions 1.2.5–1.2.7.4). The web interface uses HTTP Basic authentication with Base64-encoded credentials, allowing remote attackers to sniff and decode usernames/passwords in transit. Documents confirm the risk is tied to unenc...
CVE-2001-0692
The vulnerability CVE-2001-0692 affects WatchGuard Firebox SMTP proxy in models 2500 and 4500 running versions 4.5 and 4.6. A remote attacker can bypass firewall filtering by sending a base64 MIME email attachment whose boundary name ends with two dashes, exploiting how the SMTP proxy processes M...
PhpNuke Admin password can be stolen !
PhpNuke Admin password can be stolen ! by Cabezon Aurйlien | [email protected] http://www.isecurelabs.com/article.php?sid=229 FR VERSION + screen shot Vulnerable : PhpNuke 5.1 Other version : not tested PostNuke : not tested 1 Introduction I have found a way to stole PhpNuke Admin...
Слабое шифрование в PHP-Nuke (weak encryption)
Вместо исопльзование сеансовых cookie, cookie содержат пароль администратора в base64...
php-nuke.5.1.txt
PhpNuke Admin password can be stolen ! by Cabezon Aurélien | [email protected] http://www.isecurelabs.com/article.php?sid=229 FR VERSION + screen shot Vulnerable : PhpNuke 5.1 Other version : not tested PostNuke : not tested 1 Introduction I have found a way to stole PhpNuke Admin...