微信打赏（Wechat Reward) Security Vulnerabilities

Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector

The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group (aka Hidden Cobra) in the theft of $540 million from video game Axie Infinity's Ronin Network last month. On Thursday, the Treasury tied the Ethereum wallet address that received the stolen digital currency to the...

WordPress Simple Ajax Chat plugin信息泄露漏洞

WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Simple Ajax Chat plugin has an information disclosure vulnerability, no detailed vulnerability details are...

Microsoft Windows Hyper-V Shared Virtual Hard Disks信息泄露漏洞（CNVD-2022-62514）

Microsoft Hyper-V is an application from Microsoft Corporation (USA). A system hypervisor virtualization technology that enables desktop virtualization. Microsoft Windows Hyper-V Shared Virtual Hard Disks has an information disclosure vulnerability that could be exploited by attackers to obtain...

SAP BusinessObjects Business Intelligence platform信息泄露漏洞

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP Germany. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and...

SAP BusinessObjects Business Intelligence Platform信息泄露漏洞

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP Germany. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and...

Microsoft Azure Site Recovery信息泄露漏洞

Microsoft Azure Site Recovery is a site recovery (DRaaS) from Microsoft Corporation for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to information disclosure. The vulnerability stems from a configuration or other error in the network system or product during...

Microsoft Windows Hyper-V Shared Virtual Hard Disks信息泄露漏洞

Microsoft Hyper-V is an application from Microsoft Corporation (USA). A system hypervisor virtualization technology that enables desktop virtualization. Microsoft Windows Hyper-V Shared Virtual Hard Disks has an information disclosure vulnerability that could be exploited by attackers to obtain...

StrategyPUSDConvex.balanceOfJPEG uses incorrect function signature while calling extraReward.earned, causing the function to unexpectedly revert everytime

Lines of code Vulnerability details Impact As specified in Convex BaseRewardPool.sol and VirtualRewardPool.sol, the function signature of earned is earned(address). However, balanceOfJPEG did not pass any arguments to earned, which would cause balanceOfJPEG to always revert. This bug will...

Wordpress Salon booking system Free and pro信息泄露漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Salon booking system Free and pro is vulnerable to an information disclosure vulnerability that could be exploited....

[WP-H22] Bad debts should not continue to accrue interest

Lines of code Vulnerability details uint256 debtAmount = _getDebtAmount(_nftIndex); require( debtAmount >= _getLiquidationLimit(_nftIndex), "position_not_liquidatable" ); // burn all payment stablecoin.burnFrom(msg.sender, debtAmount); In the current design/implementation, the liquidator...

IBM System Storage DS8000 Hardware Management Console信息泄露漏洞

IBM System Storage DS8000 Hardware Management Console is a hardware management console for the DS8000, an IBM storage media platform from IBM, U.S.A. The IBM System Storage DS8000 Hardware Management Console An information disclosure vulnerability exists, which stems from a network system or...

The State of Stalkerware in 2021

The state of stalkerware in 2021 (PDF) Main findings of 2021 Every year Kaspersky analyzes the use of stalkerware around the world to better understand the threat it poses. We partner with stakeholders across public and private sectors to raise awareness and find solutions to best tackle this...

Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster Operating System

CVE-2022-24990 ** Description - POC for...

Friday Squid Blogging: Do Squid Have Emotions?

Scientists are now debating whether octopuses, squid, and crabs have emotions. Short answer: we don't know, but can't rule it out. There may be a point when humans can no longer assume that crayfish, shrimp, and other invertebrates don't feel pain and other emotions. "If they can no longer be...

Fortinet FortiClient for Linux信息泄露漏洞

Fortinet FortiClient is a fabric agent from Fortinet USA, Inc. It is used to provide protection, compliance, and secure access in a single modular lightweight client.An information disclosure vulnerability exists in Fortinet FortiClient for Linux. An unauthenticated attacker could exploit the...

A SQL injection vulnerability exists in BossCMS of Wenzhou Huyin Information Technology Co.

BossCMS is a self-developed PHP framework for enterprise website building system. Ltd. BossCMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database...

SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts

A server-side request forgery (SSRF) flaw in an API of a large financial technology (fintech) platform potentially could have compromised millions of bank customers, allowing attackers to defraud clients by controlling their bank accounts and funds, researchers have found. A team at Salt...

Exploit for Code Injection in Vmware Spring Framework

Spring4shell_behinder 这是什么?...

WordPress Booking Package信息泄露漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Booking Package is vulnerable to an information disclosure vulnerability that could be exploited by...

Google Chrome File System API信息泄露漏洞

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by the window.showSaveFilePicker function that parses and returns environment variable values to the user when passing environment variables, which can be exploited by an attacker to.....

Exploit for Expression Language Injection in Vmware Spring Cloud Gateway

SpringCloud-Gateway命令执行漏洞（CVE-2022-22947） 环境搭建...

IBM Sterling Partner Engagement Manager信息泄露漏洞

IBM Sterling Partner Engagement Manager is an automated management tool from IBM Corporation. IBM Sterling Partner Engagement Manager version 6.2.0 is vulnerable to an information disclosure vulnerability that could be exploited by a remote, authenticated attacker to obtain sensitive information...

Exploit for Code Injection in Vmware Spring Framework

CVE-2022-22965 2022.04.02 16:44 优化了POC，不再是一次性验证 Optimized...

System could be wrapped and made useless without contract whitelisting

Lines of code https://github.com/code-423n4/2022-03-paladin/blob/9c26ec8556298fb1dc3cf71f471aadad3a5c74a0/contracts/HolyPaladinToken.sol#L284 https://github.com/code-423n4/2022-03-paladin/blob/9c26ec8556298fb1dc3cf71f471aadad3a5c74a0/contracts/HolyPaladinToken.sol#L268 Vulnerability details Impact....

Exploit for Code Injection in Vmware Spring Framework

CVE-2022-22965 CVE-2022-22965 EXP\n 一般环境需求：...

A Blockchain Primer and Bored Ape Headscratcher – Podcast

Why in the world would a collection of nonfungible token (NFT) gorilla avatars called the Bored Ape Yacht Club (BAYC), run by 30-somethings using aliases like “Emperor Tomato Ketchup” and “No Sass” and adored by celebrities, spiral on up to a multibillion-dollar valuation (…and, by the way, how...

Exploit for CVE-2022-24934

CVE-2022-24934 漏洞概述 WPS...

CoreCollection's token transfer can be disabled

Lines of code https://github.com/code-423n4/2022-03-joyn/blob/main/splits/contracts/Splitter.sol#L164 Vulnerability details Impact When royaltyAsset is an ERC20 that doesn't allow zero amount transfers, the following griefing attack is possible, entirely disabling CoreCollection token transfer by.....

Conti Leaks: Examining the Panama Papers of Ransomware | Trellix

Conti Leaks: Examining the Panama Papers of Ransomware By John Fokker, Jambul Tologonov · March 31, 2022 Introduction It isn’t often the whole world gets an inside look of the business operations of a top tier cybercriminal group. Very early on in the Russian-Ukrainian Crisis the predominantly...

Jenkins instant-messaging Plugin信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from unencrypted group chat passwords stored in the...

[WP-H9] LenderPool.sol#start() startFeeFraction can be used by a malicious/compromised owner to rug lenders

Lines of code Vulnerability details A configurable startFeeFraction with no upper bound can be claimed by the caller to a specified address. The fee is not based on the gas cost, but on the _totalLent of the pool. We believe this startFee reward is unnecessary and it creates a potential rug...

Conti Leaks: Examining the Panama Papers of Ransomware | Trellix

Conti Leaks: Examining the Panama Papers of Ransomware By John Fokker, Jambul Tologonov · March 31, 2022 Introduction It isn’t often the whole world gets an inside look of the business operations of a top tier cybercriminal group. Very early on in the Russian-Ukrainian Crisis the predominantly...

Exploit for Expression Language Injection in Vmware Spring Cloud Gateway

在王政代码基础上添加了，两种反弹shell，出网探测， 运行行时缺少什么模块。使用pip下载哪个模块就行了。...

New Malware Loader 'Verblecon' Infects Hacked PCs with Cryptocurrency Miners

An unidentified threat actor has been observed employing a "complex and powerful" malware loader with the ultimate objective of deploying cryptocurrency miners on compromised systems and potentially facilitating the theft of Discord tokens. "The evidence found on victim networks appears to...

DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector

The U.S. Department of Justice (DOJ) has indicted four Russian government employees in connection to plots to cyber-fry critical infrastructure in the United States and beyond, including at least one nuclear power plant. The campaigns involved one of the most dangerous malwares ever encountered in....

CVE-2021-44751

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most....

CVE-2021-44751

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most....

Design/Logic Flaw

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most....

CVE-2021-44751 F-Secure SAFE Browser vulnerable to USSD attacks

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most....

Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector

Summary Actions to Take Today to Protect Energy Sector Networks: • Implement and ensure robust network segmentation between IT and ICS networks. • Enforce MFA to authenticate to a system. • Manage the creation of, modification of, use of—and permissions associated with—privileged accounts. This...

Delta Electronics DIAEnergie信息泄露漏洞

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.Delta Electronics.....

Exploit for Expression Language Injection in Vmware Spring Cloud Gateway

漏洞简介 Spring Cloud Gateway 是 Spring Cloud 的一个全新项目，该项目是基于...

Exploit for Expression Language Injection in Vmware Spring Cloud Gateway

漏洞简介 Spring Cloud Gateway 是 Spring Cloud 的一个全新项目，该项目是基于...

South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau

Luxury hotels in the Chinese special administrative region of Macau were the target of a malicious spear-phishing campaign from the second half of November 2021 and through mid-January 2022. Cybersecurity firm Trellix attributed the campaign with moderate confidence to a suspected South Korean...

Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster Operating System

CVE-2022-24990...

Exploit for CVE-2022-0337

🤝 Show your support - give a ⭐️ if you...

Experts Find Some Affiliates of BlackMatter Now Spreading BlackCat Ransomware

An analysis of two ransomware attacks has identified overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups. While it's typical of ransomware groups to rebrand their operations in response to increased...

Suspected DarkHotel APT Activity Update

Suspected DarkHotel APT activity update One Hotel to rule them all, One Hotel to find them, One Hotel to bring them all and in the darkness bind them. By John Fokker · March 17, 2022 This story was also written by Thibault Seret Introduction: Our advanced threat research team has discovered a...

Jenkins Vmware vRealize CodeStream Plugin信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Vmware vRealize CodeStream Plugin...

Suspected DarkHotel APT Activity Update

Suspected DarkHotel APT activity update One Hotel to rule them all, One Hotel to find them, One Hotel to bring them all and in the darkness bind them. By John Fokker · March 17, 2022 This story was also written by Thibault Seret Introduction: Our advanced threat research team has discovered a...