SAP NetWeaver Application Server ABAP and ABAP Platform Information Disclosure Vulnerability
SAP NetWeaver Application Server is an application server from SAP, Germany. An information disclosure vulnerability exists in SAP NetWeaver Application Server ABAP and ABAP Platform, which can be exploited by attackers to read connection details stored in SAP The vulnerability can be exploited to.....
4.9CVSS
0.5AI Score
0.001EPSS
Coordinated vulnerability disclosure (CVD) for open source projects
As a vulnerability reporter, you play an important and valuable role in the open source ecosystem. In this guide, I will provide our recommended four-step process for vulnerability disclosure and make suggestions along the way to foster a positive experience. On top of the many tasks open source...
-0.3AI Score
Lines of code Vulnerability details Impact During stake or deposit, users would not be transferred the correct Concur token, when MasterChef has under-supply of it. There is an assumption that MasterChef contract would own enough Concur tokens so as to distribute to users as reward, during deposit....
6.7AI Score
Same reward token in pools can break accounting
Lines of code Vulnerability details The ConvexStakingWrapper contract uses several reward pool tokens rewards[_pid][_index].token and it can be that the same token is used for different _pids. Indeed, the CVX/CRV tokens are always at index 0 and 1. The rewards will be distributed to the first pool....
6.8AI Score
Lines of code Vulnerability details uint256 bal = IERC20(reward.token).balanceOf(address(this)); uint256 d_reward = bal - reward.remaining; // send 20 % of cvx / crv reward to treasury if (reward.token == cvx || reward.token == crv) { IERC20(reward.token).transfer(treasury,...
6.7AI Score
Reentrancy in ConcurRewardPool::claimRewards
Lines of code Vulnerability details Impact Any address that has nonzero reward for a token _tokens[i] is able to drain all contract token funds if the transfer function is reentrant (for example, ERC777 token). As _tokens[i] is an arbitrarily implemented, a reentrant transfer function can be...
6.8AI Score
Lines of code Vulnerability details Impact If deposits and withdraws are done frequently enough, the reward update operation they invoke will deal mostly with the case when there is nothing to add yet, i.e. reward.remaining match the reward token balance. If reward token doesn't allow for zero...
6.9AI Score
Wrong pools reward calculation. User will get smaller rewards (always)
Lines of code Vulnerability details Impact When adding new token pool for staking in MasterChef contract function add(address _token, uint _allocationPoints, uint16 _depositFee, uint _startBlock) All other, already added, pools should be updated but currently they are not. Instead, only...
6.8AI Score
Owner can lock tokens in MasterChef
Lines of code Vulnerability details Impact Owner can remove a depositor. Since only depositors can deposit and withdraw, the owner may add a contract to the whitelist, let users deposit in the contract and remove the depositor from the whitelist. Depositor's reward cannot be withdrawn then. And...
6.8AI Score
Remaining reward balance is wrongly updated
Lines of code Vulnerability details The ConvexStakingWrapper.calcRewardIntegral function makes the d_reward = IERC20(reward.token).balanceOf(address(this)); - reward.remaining amount available for claiming. Then it updates the reward.remaining value to the balance _before the distribution....
6.7AI Score
Potential Re-entrancy Attack via ETH or ERC777 Token Transfer
Lines of code Vulnerability details Impact The CEI pattern is not being implemented properly in the claimRewards function of the ConcurRewardPool.sol. https://github.com/code-423n4/2022-02-concur/blob/main/contracts/ConcurRewardPool.sol#L37 function claimRewards(address[] calldata _tokens)...
7AI Score
Wrong reward token calculation in MasterChef contract
Lines of code Vulnerability details Impact When adding new token pool for staking in MasterChef contract function add(address _token, uint _allocationPoints, uint16 _depositFee, uint _startBlock) All other, already added, pools should be updated but currently they are not. Instead, only...
6.8AI Score
Lines of code Vulnerability details Impact Token fee in MasterChef can be set to more than 100%, (for example by accident) causing all deposit calls to fail due to underflow on subtraction when reward is lowered by the fee, thus breaking essential mechanics. Note that after the fee has been set to....
6.8AI Score
Lines of code Vulnerability details Impact Function claimRewards in ConcurRewardPool should be re-entrancy protected or first nullify the reward before sending it, otherwise, if any token contains a transfer callback hook, users can claim the same rewards multiple times, by re-entering the...
6.8AI Score
ConvexStakingWrapper._calcRewardIntegral() Has An Accounting Error When Updating reward.remaining
Lines of code Vulnerability details Impact The ConvexStakingWrapper.sol implementation makes several modifications to the original design. One of the key changes is the way rewards are distributed to stakers. A new ConcurRewardPool.sol contract is used to store rewards, allowing users to claim...
7.2AI Score
SourceCodester Simple Cold Storage Management System Information Disclosure Vulnerability
SourceCodester Simple Cold Storage Management System is a web-based application used as a cold storage business website to provide their customers or potential customers with an easy-to-access platform to learn about their company. SourceCodester Simple Cold Storage Management System has a...
9.8CVSS
3.8AI Score
0.002EPSS
Modify version of impacket wmiexec.py,wmipersist.py. Got output(data,response) from registry, don't need SMB connection, but I'm in the bad code :( Specially Thanks to: @rootclay, wechat: _xiangshan Overview In original wmiexec.py, it get response from smb connection (port 445,139)....
8.1AI Score
Palo Alto Networks Cortex XDR Information Disclosure Vulnerability
Palo Alto Networks Cortex XDR is a security operations platform for remote endpoint-based detection from Palo Alto Networks Malaysia. A security vulnerability exists in the Palo Alto Networks Cortex XDR agent, which could be exploited by an attacker to read the contents of arbitrary files on the...
5.5CVSS
3.4AI Score
0.0004EPSS
Checks missing while adding rewards
Handle csanuragjain Vulnerability details Impact Reward amount higher than contract reward balance can bring instability in the contract Proof of Concept In FarmingPools.sol contract check notifyRewardAmounts function Observe there is no check to see if added reward is higher than contract...
6.9AI Score
Tolerance is not enforced during a flash governance decision
Handle shw Vulnerability details Impact Most of the functions with a governanceApproved modifier call flashGoverner.enforceTolerance to ensure the provided parameters are restricted to some range of their original values. However, in the governanceApproved modifier,...
7AI Score
Trellix Launches Annual CTF Competition – Catmen Sanfrancisco!
Trellix Launches Annual CTF Competition – Catmen Sanfrancisco! By Trellix · February 1, 2022 This story was written by Steve Povolny. The Advanced Threat Research team, now with Trellix, is pleased to announce the return of our second annual Capture the Flag contest featuring 12 new challenges of.....
6.9AI Score
Staking with 0 amount will reset rewarded without claiming any flan.
Handle Randyyy Vulnerability details Impact A user can stake their token by calling stake function, by supplying a token, however staking 0 amount token is allowed, staking 0 amount will reset the reward debt, without minting a single flan token, the function will treat as if the user do the...
7AI Score
Trellix Launches Annual CTF Competition – Catmen Sanfrancisco!
Trellix Launches Annual CTF Competition – Catmen Sanfrancisco! By Trellix · February 1, 2022 This story was written by Steve Povolny. The Advanced Threat Research team, now with Trellix, is pleased to announce the return of our second annual Capture the Flag contest featuring 12 new challenges of.....
6.4AI Score
Exploit for Incorrect Authorization in Polkit Project Polkit
CVE-2021-3560 PolKit race condition local privilege escalation analysis [toc] Vulnerability overview Vulnerability ID:...
7.8CVSS
-0.1AI Score
0.012EPSS
user won't be able to get his rewards in case of staking with amount = 0
Handle CertoraInc Vulnerability details Limbo.sol (stake() function) if a user has a pending reward and he call the stake function with amount = 0, he won't be able to get his reward (he won't get the reward, and the reward debt will cover the reward) that's happening because the reward...
6.9AI Score
ConvexStakingWrapper does not update rewards state before transferring tokens
Handle kenzo Vulnerability details ConvexStakingWrapper saves data for reward calculation in dedicated variables for each user, such as reward.reward_integral_for[account]. These variables are not updated when transferring wrapped staked tokens. (Please note that Convex's original...
7AI Score
Rewards distribution can be disrupted by a early user
Handle WatchPug Vulnerability details function _calcRewardIntegral( uint256 _index, address[2] memory _accounts, uint256[2] memory _balances, uint256 _supply, bool _isClaim ) internal { RewardType storage reward = rewards[_index]; uint256 rewardIntegral =...
6.9AI Score
Exploit for Out-of-bounds Write in Polkit Project Polkit
polkit-0.96-CVE-2021-4034 centos 7.x already has it Fix CVE-2021-4034...
7.8CVSS
8.4AI Score
0.0005EPSS
Zerodium Spikes Payout for Outlook Zero-Days
Zerodium has jacked up its offering price for Microsoft Outlook zero-day exploits. Act fast if you have the goods and the moral equanimity, to make up to $400,000 for a zero-click, remote code-execution (RCE) exploit. “Zero-click” means that targets neither have to read a malicious email message...
6.5CVSS
0.1AI Score
0.001EPSS
Who Wrote the ALPHV/BlackCat Ransomware Strain?
In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. "BlackCat"), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we'll explore some of the clues left behind....
6.5AI Score
Exploit for Off-by-one Error in Sudo Project Sudo
CVE-2021-3156 [toc] Vulnerability overview Vulnerability ID: CVE-2021-3156...
7.8CVSS
7.9AI Score
0.97EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 PolKit local privilege escalation analysis [toc] Vulnerability overview Vulnerability ID:...
7.8CVSS
8.5AI Score
0.0005EPSS
SherlockClaimManager: Incorrect amounts needed and paid for escalated claims
Handle GreyArt Vulnerability details Impact When escalating claims, the documentation states that the protocol agent is required to pay and stake a certain amount for the process. If the covered protocol is proven correct, then the amount specified by the claim will be paid out. They will also...
7AI Score
tokenBalanceOfAddress of nftOwner becomes permanently incorrect after arbRestake
Handle hyh Vulnerability details Impact Successful arbRestake performs _redeemShares for arbRewardShares amount to extract the arbitrager reward. This effectively reduces shares accounted for an NFT, but leaves untouched the addressShares of an nftOwner. As a result the tokenBalanceOfAddress...
6.6AI Score
Reentrancy in _sendSherRewardsToOwner()
Handle kirk-baird Vulnerability details Impact This is a reentrancy vulnerability that would allow the attacker to drain the entire SHER balance of the contract. Note: this attack requires gaining control of execution sher.transfer() which will depend on the implementation of the SHER token....
7.1AI Score
The right ASM tools include understanding where the real risk lies
While companies are just scratching the surface of understanding their Internet-facing architecture, hackers have been monitoring growing attack surfaces to find vulnerabilities where companies aren't looking (or maybe not prioritizing) and reaping the reward through bug bounty...
3.3AI Score
Possible Re-entrancy in _sendSherRewardsToOwner
Handle static Vulnerability details Vulnerability details Impact If the SHER token performs a callback, such as in ERC-777 tokens, when performing transfers, the _sendSherRewardsToOwner function can be run multiple times to extract more rewards than should be available for a single NFT. Proof of...
6.9AI Score
7.4AI Score
0.2AI Score
Google Android Automotive Os Information Disclosure Vulnerability
Google Android Automotive Os is an operating system and platform from Google (USA) that runs directly on in-car hardware. Google Android Automotive Os has a security vulnerability that stems from the DevicePickerFragment sending a new device pairing broadcast without any permission checks, so any.....
5.3CVSS
2.6AI Score
0.001EPSS
Don't be afraid of XXE vulnerabilities: understand the beast and how to detect them
Today XML External Entities (XXE) vulnerabilities are still ubiquitous, despite the fact that recommendations to protect against them have been an integral part of security standards for years. In this post, the first in a series of three blog posts, we will try to demystify XXE vulnerabilities...
7.5CVSS
-0.4AI Score
0.012EPSS
Exploit for Deserialization of Untrusted Data in Apache Dubbo
CVE-2021-43297 Vulnerability description Dubbo Hessian-Lite...
9.8CVSS
0.4AI Score
0.011EPSS
At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates
The Russian government said today it arrested 14 people accused of working for "REvil," a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) said the actions were taken in response to a...
6.7AI Score
Real Big Phish: Mobile Phishing & Managing User Fallibility
According to a recent survey from Ivanti, nearly three-quarters (74 percent) of IT professionals reported that their organizations have fallen victim to a phishing attack – and 40 percent of those happened in the last month alone. Increasingly, mobile phishing is the culprit. What’s more, nearly...
0.1AI Score
Who is the Network Access Broker ‘Wazawaka?’
In a great many ransomware attacks, the criminals who pillage the victim's network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman...
6.9AI Score
MetInfo is an enterprise website building system developed in php MySQL. Changsha Mito Information Technology Co., Ltd MetInfo has a file upload vulnerability, which can be exploited by attackers to gain control of the...
2.8AI Score
Exploit for Missing Authorization in Gin-Vue-Admin Project Gin-Vue-Admin
Gin-Vue-admin vertical privilege escalation vulnerability and code analysis - CVE-2022-21660 1. Preface...
8.1CVSS
-0.3AI Score
0.001EPSS
Metersphere has a command execution vulnerability
MeterSphere is a one-stop open source continuous testing platform covering test tracking, interface testing, performance testing, team collaboration and other functions, compatible with JMeter and other open source standards, effectively helping development and testing teams to make full use of...
2.2AI Score
Exploit for Improper Input Validation in Microsoft
NoPacScan NoPacScan is a CVE-2021-42287/CVE-2021-42278...
8.4AI Score
Wechat-php-sdk is affected by a Cross Site Scripting vulnerability.
Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in...
6.1CVSS
1.8AI Score
0.001EPSS