$0.99 Kindle Books Security Vulnerabilities

SUSE SLED15 / SLES15 Security Update : libcaca (SUSE-SU-2022:3400-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3400-1 advisory. A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in ...

openSUSE: Security Advisory for libcaca (SUSE-SU-2022:3400-1)

The remote host is missing an update for...

Windows 11 pulls ahead of Windows 10 in anti-phishing stakes

Some new security additions and changes have been announced for users of Windows, but you'll have to be using Windows 11 to get the most out of them. Windows 10 users may find that this is going to be a case of falling behind the herd ever so slightly. Anti-phishing tools Enhanced phishing...

Fee on transfer tokens can make users receive less than they are supposed to

Lines of code Vulnerability details Impact Some tokens take a transfer fee (e.g. STA, PAXG). Tokens like these will be supported because the vested amount will be the amount that was actually transferred (i.e. the balance of the contract after the transfer), but it will cause the user to receive...

Employee can be unable to withdraw claimable amount that she or he deserves after admin revokes her or his claim

Lines of code https://github.com/code-423n4/2022-09-vtvl/blob/main/contracts/VTVLVesting.sol#L418-L437 Vulnerability details Impact When an employee has an active claim, this employee can call the following withdraw function to withdraw the claimable amount that she or he is entitled to, which...

Missing ReEntrancy Guard to Withdraw function

Lines of code Vulnerability details Impact Missing ReEntrancy Guard to Withdraw function Proof of Concept There is no re-entry risk on true ERC-20 tokens that work according to the spec (i.e. audited, etc.). However you can write a malicious ERC-20 with custom transferFrom() or approve() that have....

THE amountRemaining IN withdrawAdmin() IS UNDERFLOW

Lines of code https://github.com/code-423n4/2022-09-vtvl/blob/main/contracts/VTVLVesting.sol#L364-L392 Vulnerability details Impact Allocated tokens can get messed up when the amountRemaining in the withdrawAdmin() function is underflowed in rare cases. This will make 'numTokensReservedForVesting'....

The amountRemaining in withdrawAdmin() Function is Underflow

Lines of code Vulnerability details Impact allocatedTokens can get messed up when the amountRemaining in the withdrawAdmin() function is underflowed in rare cases. This will make numTokensReservedForVesting will have a larger amount of funds compared to the funds in the token. This will make it...

Claim can only be created for a recipient once

Lines of code Vulnerability details Claim can only be created for a recipient once The function creating claims, _createClaimUnchecked(), has the hasNoClaim() modifier, that is defined as opposite hasActiveClaim, meaning it reverts if there is an active claim for a user. It reverts if...

Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs

A new wave of a mobile surveillance campaign has been observed targeting the Uyghur community as part of a long-standing spyware operation active since at least 2015, cybersecurity researchers disclosed Thursday. The intrusions, originally attributed to a threat actor named Scarlet Mimic back in...

Automatic Cheating Detection in Human Racing

This is a fascinating glimpse of the future of automatic cheating detection in sports: Maybe you heard about the truly insane false-start controversy in track and field? Devon Allen--a wide receiver for the Philadelphia Eagles--was disqualified from the 110-meter hurdles at the World Athletics...

kindle-prime.com Cross Site Scripting vulnerability OBB-2939087

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

PegOracle reported fraction price is constructed to favor the depeg

Lines of code Vulnerability details Depeg event is defined as linked asset price being below the strike price in the terms of the underlying asset. However, the PegOracle aimed to report the fraction of the pegged asset to the underlying always reports the number below 1, no matter how prices are.....

Iranian APT42 Launched Over 30 Espionage Attacks Against Activists and Dissidents

A state-sponsored advanced persistent threat (APT) actor newly christened APT42 (formerly UNC788) has been attributed to over 30 confirmed espionage attacks against individuals and organizations of strategic interest to the Iranian government at least since 2015. Cybersecurity firm Mandiant said...

[Security Nation] Gordon “Fyodor” Lyon on Nmap, the Open-Source Security Scanner

In this episode of Security Nation, Jen and Tod chat with Gordon “Fyodor” Lyon, author of the widely used open-source Nmap Security Scanner. On the doorstep of Nmap’s 25th anniversary, Gordon and our hosts talk about the tool’s impact on asset management, as well as the struggles and triumphs of...

Awesome-Password-Cracking - A Curated List Of Awesome Tools, Research, Papers And Other Projects Related To Password Cracking And Password Security

A curated list of awesome tools, research, papers and other projects related to password cracking and password security. Read the guidelines before contributing! In short: List is alphabetically sorted If in doubt, use awesome-lint If you think an item shouldn't be here open an issue Books Hash...

Ubuntu: Security Advisory (USN-3860-2)

The remote host is missing an update for...

CVE-2021-4214

A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of...

PortSwigger Web Security: Business Logic, currency arbitrage - Possibility to pay less than the price in USD

Currency fluctuate all the time. Theses days EUR / USD key pair is around 1for1. It was even 1:0.99 when I was writing this report. Portswigger doesn't change dynamically the price and exchange rate dynamically. Vulnerability at the following link: https://portswigger.net/buy/pro When you want...

CVE-2022-35953

BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was...

CVE-2022-35953

BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was...

CVE-2022-35953

BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was...

Code injection

BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was...

CVE-2022-35953 URL Redirection to Untrusted Site ('Open Redirect') in bookwyrm

BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was...

The Humble Hub

Over the weekend I organized some old computing equipment. I found this beauty in one of my boxes. It's a Netgear EN104TP hub. I've mentioned this device before, in this blog and my books. This sort of device was the last of the true hubs. In an age where cables seem reserved for data centers or...

CVE-2022-20792

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code...

IDOR allows to create new collection or modify a existing one

Description A normal user can create a new collection with the provided book ids or add new books to an existing collection, whose operations should be only executed by the administrator. \ \ This is possible due to an missing administrative role check in the /api/collection/update-for-series API.....

CVE-2022-37434

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call...

Fedora: Security Advisory for golang-github-mmarkdown-mmark (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for...

[SECURITY] Fedora 36 Update: golang-github-mmarkdown-mmark-2.2.10-6.fc36

Mmark is a powerful markdown processor written in Go, geared towards writing IETF documents. It is, however, also suited for writing complete books and ot her technical documentation, like the Learning Go book (mmark source, and I-D text...

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

Introduction Rootkits are malware implants which burrow themselves in the deepest corners of the operating system. Although on paper they may seem attractive to attackers, creating them poses significant technical challenges and the slightest programming error has the potential to completely crash....

Google Bringing the Android App Permissions Section Back to the Play Store

Google on Thursday said it's backtracking on a recent change that removed the app permissions list from the Google Play Store for Android across both the mobile app and the web. "Privacy and transparency are core values in the Android community," the Android Developers team said in a series of...

Fedora: Security Advisory for golang-github-mmarkdown-mmark (FEDORA-2022-3969b64d4b)

The remote host is missing an update for...

[SECURITY] Fedora 35 Update: golang-github-mmarkdown-mmark-2.2.10-5.fc35

Mmark is a powerful markdown processor written in Go, geared towards writing IETF documents. It is, however, also suited for writing complete books and ot her technical documentation, like the Learning Go book (mmark source, and I-D text...

Insecure direct object references in `create-shelf` function

Description Insecure direct object references in create-shelf function allows one user to create a shelf on behalf of another. # Proof of Concept ``` POST /create-shelf HTTP/2 Host: book.dansmonorage.blue Cookie: csrftoken=ZpIuGbCcxOyhta5bki4N46N7vknEAcpaG3881kcMAfWKBEYKEiLEeSc3Sr4lUTVa;...

CVE-2022-31012

Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into C:\mingw64\bin\git.exe by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is...

Cross-Site Request Forgery (CSRF)

Description An attacker is able to download data from a user via the CSV Export function. The export will include all the books on your shelves, books you have reviewed, and books with reading activity. Vulnerable URL https://bookwyrm.social/preferences/export/file Proof of Concept ``` ...

Out-of-bounds memory read vulnerability in Libmobi versions prior to 0.11

Libmobi is a C library for handling Mobipocket/Kindle (MOBI) e-book format documents. It is used to process Mobipocket/Kindle (MOBI) eBook format documents. versions prior to Libmobi 0.11 have a memory out-of-bounds read vulnerability that can be exploited by attackers to obtain sensitive...

Binary vulnerability exists in Libmobi versions prior to 0.11 (CNVD-2022-56619)

Libmobi is a C library used to process Mobipocket/Kindle (MOBI) e-book format documents. It is used to process Mobipocket/Kindle (MOBI) eBook format documents. versions prior to Libmobi 0.11 have a binary vulnerability that can be exploited by attackers to cause a denial of...

Libmobi versions prior to 0.11 are binary vulnerable

Libmobi is a C library used to process Mobipocket/Kindle (MOBI) e-book format documents. It is used to process Mobipocket/Kindle (MOBI) e-book format documents. versions prior to Libmobi 0.11 have a binary vulnerability that could be exploited by attackers to obtain sensitive...

Fedora: Security Advisory for golang-github-mmarkdown-mmark (FEDORA-2022-fae3ecee19)

The remote host is missing an update for...

[SECURITY] Fedora 36 Update: golang-github-mmarkdown-mmark-2.2.10-5.fc36

Mmark is a powerful markdown processor written in Go, geared towards writing IETF documents. It is, however, also suited for writing complete books and ot her technical documentation, like the Learning Go book (mmark source, and I-D text...

CVE-2021-32428

SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to...

CVE-2021-32428

SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to...

Sql injection

SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to...

CVE-2021-32428

SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to...

VAmPI - Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing

The Vulnerable API (Based on OpenAPI 3) VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes a...

CVE-2022-33987

The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX...

Low Value Definition On The Slippage

Lines of code Vulnerability details Impact Trades can happen at a bad price and lead to receiving fewer tokens than at a fair market price. The attacker's profit is the protocol's loss. Proof of Concept MyStrategy contract has low slippage checks which can lead to being vulnerable to sandwich...

Libmobi Denial of Service Vulnerability (CNVD-2022-54978)

Libmobi is a C library for handling Mobipocket/Kindle (MOBI) e-book format documents. It is used to process Mobipocket/Kindle (MOBI) e-book format documents. A denial of service vulnerability exists in versions of Libmobi prior to v0.10, which stems from the component mobi_buffer_getpointer...