3294 matches found

Positive Technologies
added 2019/08/30 12:0 a.m. · 11 views

PT-2019-14422 · Unknown · Simple-Mail-Address-Encoder

Name of the Vulnerable Software and Affected Versions: simple-mail-address-encoder plugin versions prior to 1.7 Description: The issue is related to reflected XSS in the simple-mail-address-encoder plugin. Recommendations: For versions prior to 1.7, update to version 1.7 or later to resolve the...

CVSS 6.1 · AI score 5.9 · EPSS 0.0019
Exploits: 1 · References: 4
BDU FSTEC
added 2019/08/20 12:0 a.m. · 2 views

Vulnerability in the PlaintextPasswordEncoder class implementation of the Spring Security Java framework for securing industrial applications allows an attacker to gain unauthorized access to protected information.

The vulnerability of the PlaintextPasswordEncoder class implementation in the Spring Security Java framework, which is designed for securing industrial applications, is related to deficiencies in managing registration data. Exploiting this vulnerability could allow an attacker, operating remotely...

CVSS 7.5 · AI score 7.8 · EPSS 0.00407
Exploits: 0 · References: 4 · Affected Software: 2
0day.today
added 2019/07/29 12:0 a.m. · 53 views

Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Schneider Electric Pelco Endura NET55XX Encoder", 'Description' = %q This module exploits inadequate access controls within the webUI to enable t...

CVSS 9.8 · AI score 0.8 · EPSS 0.66933
Exploits: 4
Exploit DB
added 2019/07/29 12:0 a.m. · 238 views

Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Schneider Electric Pelco Endura NET55XX Encoder", 'Description' = %q This module exploits inadequate access controls within the webUI to enable t...

CVSS 9.8 · AI score 7.4 · EPSS 0.66933
Exploits: 4
ossfuzz
added 2019/07/16 6:49 a.m. · 12 views

imagemagick/encoder_bmp_fuzzer: Use-of-uninitialized-value in cmsMLUgetASCII

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5742789528125440 Project: imagemagick Fuzzer: libFuzzer_imagemagick_encoder_bmp_fuzzer Fuzz target binary: encoder_bmp_fuzzer Job Type: libfuzzer_msan_imagemagick Platform Id: linux Crash Type:...

AI score 7
Exploits: 0 · Affected Software: 1
Metasploit
added 2019/07/11 6:10 p.m. · 62 views

Schneider Electric Pelco Endura NET55XX Encoder

This module exploits inadequate access controls within the webUI to enable the SSH service and change the root password. This module has been tested successfully on: NET5501, NET5501-I, NET5501-XT, NET5504, NET5500, NET5516, NET550 versions. This module requires Metasploit:...

CVSS 9.8 · AI score 9.6 · EPSS 0.66933
Exploits: 4
BDU FSTEC
added 2019/07/11 12:0 a.m. · 3 views

The vulnerability of the Dovecot mail server JSON encoder, which allows a hacker to cause a service failure

The vulnerability of the Dovecot mail server JSON encoder is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to cause a service failure due to attempting to authenticate with an invalid UTF-8 sequence as the user na...

CVSS 7.8 · AI score 5.5 · EPSS 0.01284
Exploits: 0 · References: 6 · Affected Software: 2
Patchstack
added 2019/07/04 12:0 a.m. · 8 views

WordPress Simple Mail Address Encoder plugin <= 1.6.1 - Reflected Authenticated Cross-Site Scripting (XSS) vulnerability

Reflected Authenticated Cross-Site Scripting (XSS) vulnerability found in WordPress Simple Mail Address Encoder plugin versions <= 1.6.1. Solution: Update the WordPress Simple Mail Address Encoder plugin to the latest available version (at least 1.7)...

AI score 2.1
Exploits: 0 · References: 1 · Affected Software: 1
WPVulnDB
added 2019/07/03 12:0 a.m. · 17 views

Simple Mail Address Encoder <= 1.6.1 - Reflected Authenticated XSS

Reflected XSS in the base64 encoded fwurl parameter when the plugin has been used for 30 days and shows a donation notice PoC https:///wp-admin/options-general.php?page=smae=remind=Iyc7YWxlcnQoL1hTUy8pOy8v...

CVSS 4.3 · AI score 0.9 · EPSS 0.0019
Exploits: 1 · References: 1 · Affected Software: 1
wpexploit
added 2019/07/03 12:0 a.m. · 13 views

Simple Mail Address Encoder <= 1.6.1 - Reflected Authenticated XSS

Reflected XSS in the base64 encoded fwurl parameter when the plugin has been used for 30 days and shows a donation notice https:///wp-admin/options-general.php?page=smae&smaeaction=remind&fwurl=Iyc7YWxlcnQoL1hTUy8pOy8v...

CVSS 4.3 · AI score 1.9 · EPSS 0.0019
Exploits: 1 · References: 1
Metasploit
added 2019/07/01 8:36 a.m. · 17 views

Hostname-based Context Keyed Payload Encoder

Context-Keyed Payload Encoder based on hostname and x64 XOR encoder. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hostname-based Context Keyed Payload Encoder', 'Description' = 'Context-Keye...

Exploits: 0
0day.today
added 2019/06/27 12:0 a.m. · 224 views

Linux/x86 - ASCII AND, SUB, PUSH, POPAD Encoder Shellcode

!/usr/bin/env python3 INTRODUCTION Encoder Title: ASCII shellcode encoder via AND, SUB, PUSH, POPAD Date: 26.6.2019 Encoder Author: Petr Javorik, www.mmquant.net Tested on: Linux ubuntu 3.13.0-32-generic, x86 Special thx to: Corelanc0d3r for intro to this technique Description: This encoder is...

Exploits: 0
Tenable Nessus
added 2019/06/27 12:0 a.m. · 32 views

EulerOS 2.0 SP8 : dovecot (EulerOS-SA-2019-1644)

According to the versions of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be...

CVSS 8.8 · AI score 6.9 · EPSS 0.01284
Exploits: 0 · References: 3
0day.today
added 2019/06/17 12:0 a.m. · 219 views

Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)

Title: Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes) Author: Jonathan So Purpose: decode and spawn a /bin/sh shell Tested On: Linux kali 4.19.0-kali4-686 1 SMP Debian 4.19.28-2kali1 2019-03-18 i686 GNU/Linux Arch: x86 Size: 66 bytes Write-up Link:...

Exploits: 0
ossfuzz
added 2019/06/16 2:21 p.m. · 36 views

imagemagick/encoder_heic_fuzzer: Bad-cast to std::__1::__shared_weak_count from invalid vptr in std::__1::shared_ptr<heif::HeifPixelImage>::~shared_ptr

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5669433122488320 Project: imagemagick Fuzzer: libFuzzer_imagemagick_encoder_heic_fuzzer Fuzz target binary: encoder_heic_fuzzer Job Type: libfuzzer_ubsan_imagemagick Platform Id: linux Crash Type:...

AI score 6.8
Exploits: 0 · Affected Software: 1
OSV
added 2019/05/22 8:29 p.m. · 1 views

CVE-2019-6814

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI...

CVSS 9.8 · AI score 7.4 · EPSS 0.66933
Exploits: 4 · References: 1
NVD
added 2019/05/22 8:29 p.m. · 8 views

CVE-2019-6814

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI...

CVSS 9.8 · AI score 9.4 · EPSS 0.66933
Exploits: 4 · References: 1
Prion
added 2019/05/22 8:29 p.m. · 13 views

Authentication flaw

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI...

CVSS 7.5 · AI score 9.3 · EPSS 0.66933
Exploits: 4 · References: 1 · Affected Software: 7
CVE
added 2019/05/22 7:38 p.m. · 90 views

CVE-2019-6814

CVE-2019-6814 affects Schneider Electric Pelco Endura NET55XX Encoder families with firmware versions prior to 2.1.9.7, due to CWE-287 Improper Authentication. A remote attacker could craft a malicious request to the encoder webUI, leading to an authentication bypass impacting confidentiality, in...

CVSS 9.8 · AI score 9.3 · EPSS 0.66933
Exploits: 4 · References: 1 · Affected Software: 1
Cvelist
added 2019/05/22 7:38 p.m. · 9 views

CVE-2019-6814

A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI...

AI score 9.4 · EPSS 0.66933
Exploits: 4 · References: 1