SRC-2021-0029 : Dedecms GetCookie Type Juggling Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of Dedecms. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetCookie function. The issue results from a loose comparison check...
0.1AI Score
Validator can fail to receive commission reward in redeemAllRewards
Handle jonah1005 Vulnerability details Impact Validator can fail to receive commission reward by calling redeemAllRewards. There's a check in redeemAllRewards uint128 rewards = sharesToTokens(s.shares, v.exchangeRate) - s.staked; require(rewards > 0, "Nothing to redeem"); The...
6.8AI Score
Epoch may rounded to zero in deposit depositRewardTokens and takeOutRewardTokens
Handle jonah1005 Vulnerability details division bias in deposit depositRewardTokens and takeOutRewardTokens Impact When the owner deposits reward into the contract, the remainder would not be counted. These dust tokens would be left in the contract. There's a similar issue in takeOutRewardTokens......
6.9AI Score
Handle kenzo Vulnerability details By adding a small amount of staking to a normal user scenario, and not approving this small amount as a loan for anybody, a staker can gain disproportionate amounts of comptroller rewards, even to the point of draining the contract. For example: Stakers A,B,C.....
6.8AI Score
Users could lose funds if owner took out reward which is not multiplier of allocatedTokensPerEpoch
Handle xYrYuYx Vulnerability details Impact User could lose funds if owner takes reward which is not multiplier of allocatedTokensPerEpoch. Proof of Concept This is my test case to prove this issue. This issue occurs because of Line 104...
6.7AI Score
reward tokens could get lost due to rounding down
Handle gpersoon Vulnerability details Impact The function depositRewardTokens divides the "amount" of tokens by allocatedTokensPerEpoch to calculate the endEpoch. When "amount" isn't a multiple of allocatedTokensPerEpoch the result of the division will be rounded down, effectively losing a number.....
7AI Score
Unable to redeem rest funds if deposited reward is not multiplier of allocatedTokensPerEpoch
Handle xYrYuYx Vulnerability details Impact Owner will deposit any amount of reward if amount is greater than allocatedTokensPerEpoch. This means that it is possible that owner can send amount which is not multiplier of allocatedTokensPerEpoch. For example, when allocatedTokensPerEpoch is 1 CQT,...
6.8AI Score
Incorrect updateGlobalExchangeRate implementation
Handle xYrYuYx Vulnerability details Impact UpdateGlobalExchangeRate has incorrect implementation when totalGlobalShares is zero. If any user didn't start stake, totalGlobalShares is 0, and every stake it will increase. But there is possibility that totalGlobalShares can be 0 amount later by...
6.9AI Score
Netnifty Internet behavior control system has arbitrary file download vulnerability
Ltd. was renamed from Lenovo Netcom Technology (Beijing) Co., Ltd. and its business covers network boundary security protection, application and data security protection, network-wide security risk management, professional security solutions and professional security services. An arbitrary file...
3.2AI Score
takeOutRewardTokens does not work correctly
Handle csanuragjain Vulnerability details Impact Owner will not be able to take out reward Proof of Concept Navigate to https://github.com/code-423n4/2021-10-covalent/blob/main/contracts/DelegatedStaking.sol Check the takeOutRewardTokens function function takeOutRewardTokens(uint128 amount)...
6.9AI Score
New High Impact Scenarios and Awards for the Azure Bounty Program
Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research...
0.4AI Score
The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting...
5.4CVSS
5.3AI Score
0.001EPSS
The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting...
5.4CVSS
0.001EPSS
The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting...
5.4CVSS
5.3AI Score
0.001EPSS
CVE-2021-24615 Wechat Reward <= 1.7 - CSRF to Stored Cross-Site Scripting
The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting...
5.6AI Score
0.001EPSS
New High Impact Scenarios and Awards for the Azure Bounty Program
Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research...
0.3AI Score
New High Impact Scenarios and Awards for the Azure Bounty Program
Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research...
6.8AI Score
Is Your Data Safe? Check Out Some Cybersecurity Master Classes
Since cybersecurity is definitely an issue that's here to stay, I've just checked out the recently released first episodes of Cato Networks Cybersecurity Master Class Series. According to Cato, the series aims to teach and demonstrate cybersecurity tools and best practices; provide research and...
-0.3AI Score
Exploit for Vulnerability in D-Link Dcs-2530L Firmware
CVE-2020-25078 Usage instructions: place the attack URLs in ip.txt in the same directory The...
7.5CVSS
7.5AI Score
0.825EPSS
Inside Apple: How Apple’s attitude impacts security
Last week saw the fourth occurrence of the Objective by the Sea (OBTS) security conference, which is the only security conference to focus exclusively on Apple's ecosystem. As such, it draws many of the top minds in the field. This year, those minds, having been starved of a good security...
-0.6AI Score
Wrong keeper reward computation
Handle cmichel Vulnerability details The PoolKeeper.keeperReward computation mixes WADs and Quads which leads to issues. Note that keeperTip returns values where 1 = 1%, and 100 = 100%, the same way BASE_TIP = 5 = 5%. Thus _tipPercent = ABDKMathQuad.fromUInt(keeperTip) is a Quad value of this...
6.8AI Score
Guide: How to Hack API in 60 minutes or API Threats Simulation with Open-Source Tools
What is API? API is the abbreviation for Application Programming Interface, which is a product middle person that permits two applications to converse with one another. Useful link: Api security tutorial for beginners and professionals What Is API Testing: Benefits, Types, How To Start OpenAPI...
8AI Score
MetInfo is vulnerable to SQL injection (CNVD-2021-81488)
MetInfo is an open source, free CMS website builder for businesses. MetInfo is vulnerable to SQL injection. An attacker can use the vulnerability to obtain sensitive database...
1.6AI Score
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in...
6.5CVSS
6.4AI Score
0.001EPSS
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS).....
6.5CVSS
6.4AI Score
0.001EPSS
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in...
6.5CVSS
0.001EPSS
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS).....
6.5CVSS
0.001EPSS
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS).....
6.5CVSS
6.4AI Score
0.001EPSS
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in...
6.5CVSS
6.4AI Score
0.001EPSS
CVE-2021-40832 Denial-of-Service (DoS) Vulnerability
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in...
5.5CVSS
6.6AI Score
0.001EPSS
CVE-2021-33603 Denial-of-Service (DoS) Vulnerability
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS).....
5.5CVSS
6.6AI Score
0.001EPSS
Users cannot receive rewards from ConcentratedLiquidityPoolManager if their liquidity is too large
Handle broccoli Vulnerability details Impact There could be an integer underflow error when the reward of an incentive is claimed, forcing users to wait for a sufficient period or reduce their liquidity to claim the rewards. Proof of Concept The unclaimed reward that a user could claim is...
6.8AI Score
Handle 0xsanson Vulnerability details Impact In ConcentratedLiquidityPoolManager, a user can claimReward of a subscribed position. In order to compute the correct amount, secondsUnclaimed needs to be calculated, but it's implemented incorrectly: uint256 secondsUnclaimed = (maxTime -...
6.9AI Score
Handle cmichel Vulnerability details The ConcentratedLiquidityPoolManager.claimReward requires stake.initialized but it is never set. It also performs a strange computation as 128 - incentive.secondsClaimed which will almost always underflow and revert the transaction. Impact One cannot claim...
6.9AI Score
Integer underflow error in claimReward of ConcentratedLiquidityPoolManager
Handle broccoli Vulnerability details Impact The claimReward function of ConcentratedLiquidityPoolManager calculates the secondsUnclaimed variable using a formula with an unclear intention: uint256 secondsUnclaimed = (maxTime - incentive.startTime) << (128 - incentive.secondsClaimed); This...
6.8AI Score
ConcentratedLiquidityPoolManager uses wrong index for incentive
Handle cmichel Vulnerability details The ConcentratedLiquidityPoolManager uses the positionId as an index for incentives[pool][positionId] when it should be incentiveId instead: // @audit should be Incentive memory incentive = incentives[pool][incentiveId]; Incentive memory incentive =...
6.9AI Score
Compound DeFi Platform Gives Out $90M
Compound, an Ethereum-based decentralized finance (DeFi) platform, accidentally gave out $90 million to its users in a botched upgrade. Now, the owners would appreciate it if they gave it back. Compound might even be willing to throw in a 10 percent “reward,” it said. On the flip side, those who...
-0.7AI Score
Incentivizing Developers is the Key to Better Security Practices
Professional developers want to embrace DevSecOps and write secure code, but their organizations need to support this sea change if they want that effort to grow. The cyber threat landscape is becoming more complex by the day. Attackers are constantly scanning networks for vulnerable applications,.....
-0.6AI Score
Exploit for Improper Input Validation in Cisco Application Extension Platform
Cisco RV110W UPnP 0day analysis Preface UPnP has been getting a lot of attention lately, and I happen to have a Cisco...
9.8CVSS
8.8AI Score
0.005EPSS
HybridPool's flashSwap gives the total fee to barFeeTo
Handle 0xsanson Vulnerability details Impact In HybridPool's flashSwap function there's a transfer to barFeeTo _transfer(tokenIn, fee, barFeeTo, false); Here fee = (amountIn * swapFee) / MAX_FEE is the total swap fee. However it should transfer out only a fraction of it (barFee/MAX_FEE) otherwise.....
6.9AI Score
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by...
7.5CVSS
7.4AI Score
0.001EPSS
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by...
7.5CVSS
0.001EPSS
A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper...
8.8CVSS
0.001EPSS
A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper...
8.8CVSS
8.7AI Score
0.001EPSS
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by...
7.5CVSS
7.4AI Score
0.001EPSS
A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper...
8.8CVSS
8.7AI Score
0.001EPSS
CVE-2021-33601 Arbitrary Code Execution in Web Interface of F-Secure Internet Gatekeeper
A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper...
7.6CVSS
9AI Score
0.001EPSS
CVE-2021-33600 Denial of Service Vulnerability in Web Interface of F-Secure Internet Gatekeeper
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by...
5.4CVSS
7.6AI Score
0.001EPSS
Feds Sanctions SUEX Cryptocurrency Exchange for Laundering Ransomware Payouts
In an unprecedented move, the federal government has sanctioned a cryptocurrency exchange for laundering ransom transactions for cybercriminals and helping them evade law-enforcement activity. As part of its continued hardline against ransomware attacks, the U.S. Department of Treasury has...
0.3AI Score