S12700, S1700,s3700,s5700,s6700,s7700, S9700, Ecns210 Td Security Vulnerabilities

accure interest function is likely failed to accure interest for token with low decimal

Lines of code Vulnerability details Impact loss of precision is too high when accuring interest Proof of Concept When intereste accures, we are calling uint256 interestAmount; { uint256 interestRate = IIRM(irm).getInterestRate(address(this), trancheIndex, totalDeposit, totalBorrow); ...

Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File

Description The laters version of Kimai is found to be vulnerable to a critical Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML.....

Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File

Description The laters version of Kimai is found to be vulnerable to a critical Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML.....

Mailchecker - Cross-language Temporary (Disposable/Throwaway) Email Detection Library. Covers 55 734+ Fake Email Providers

Cross-language email validation. Backed by a database of over 55 000 throwable email domains. Validate the format of your email (uses validator.js email regex underneath and FILTER_VALIDATE_EMAIL for PHP) Validate if the email is not a temporary mail (yopmail-like..., add your own dataset to...

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

PoC for the ThemeBleed CVE-2023-38146 exploit (Windows 11...

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credential Disclosure

...

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credential Disclosure Vulnerability

The Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in login.htm and mail.htm that can allow security bypass and system...

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure

Title: Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure Advisory ID: ZSL-2023-5789 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, Exposure of System Information, Exposure of Sensitive Information Risk: (5/5) Release Date: 30.09.2023 ...

Lamano CMS 2.0 Cross Site Request Forgery

...

Italia Mediasky CMS 2.0 Cross Site Request Forgery

...

Exploit for CVE-2022-32862

%PDF-1.5 %���� 16 0 obj << /Length 972 /Filter...

Magento LTS's guest order "protect code" can be brute-forced too easily

Impact Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack....

Magento LTS's guest order "protect code" can be brute-forced too easily

Impact Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack....

PrestaShop MyPrestaModules - PhpInfo Disclosure

PrestaShop modules by MyPrestaModules expose...

Russian State-Backed 'Infamous Chisel' Android Malware Targets Ukrainian Military

Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military. The malicious software, dubbed Infamous Chisel and attributed to a Russian...

Easy Address Book Web Server 1.6 Buffer Overflow / Cross Site Scripting

...

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 14, 2023 to August 20, 2023)

Last week, there were 64 vulnerabilities disclosed in 67 WordPress Plugins and 10 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

Serial Codes Generator and Validator with WooCommerce Support < 2.4.15 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

Evsanati Radyo 1.0 Shell Upload

...

H2 Database Web Interface Create Alias Remote Code Execution Exploit

The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface contains restricts MANY characters, so injecting a payload directly is not...

H2 Web Interface Create Alias Remote Code Execution

...

E-Biz CMS 2.0 Cross Site Request Forgery

...

Pyro CMS 3.9 Server-Side Template Injection

...

Datoo Complete Dating Script 1.0 HTML Injection

...

H2 Web Interface Create Alias RCE

The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface contains restricts MANY characters, so injecting a payload directly is not...

Doubleclick Admin 1 Cross Site Request Forgery

...

Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated) Exploit

...

Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)

...

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 24, 2023 to July 30, 2023)

Last week, there were 64 vulnerabilities disclosed in 66 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in....

WebCalendar 1.3 Cross Site Request Forgery

...

CMSUsina 2.2.3 Cross Site Request Forgery

...

Fuji Xerox / Fujifilm Printer Detection (HTTP)

HTTP based detection of Fuji Xerox / Fujifilm printer...

ETSI WEBstore 2023 Cross Site Scripting

...

ETSI WEBstore 2023 - Persistent Cross Site Vulnerability

...

Imcat 4.4 - Phpinfo Configuration

Imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1...

Webile v1.0.1 - Multiple Cross Site Scripting Vulnerability

...

PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities

...

ViaTalk CP - Persistent XSS Web Vulnerability

...

Webile v1.0.1 - Multiple Cross Site Scripting

...

Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities

...

PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities

...

PimpMyLog 1.7.14 Improper Access Control

...

Tiva Events Calender 1.4 Cross Site Scripting

...

Webile 1.0.1 Cross Site Scripting

...

PimpMyLog v1.7.14 - Improper access control Exploit

...

PaulPrinting CMS Cross Site Scripting

...

PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities

...

PimpMyLog v1.7.14 - Improper access control

...

Dooblou WiFi File Explorer 1.13.3 Cross Site Scripting

...

Exploit for Exposure of Resource to Wrong Sphere in Servicenow

...