微信打赏（Wechat Reward) Security Vulnerabilities

CVE-2021-24597

The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which result into Stored Cross-Site Scripting issues in frontend posts and the plugins settings page depending on the payload...

Wechat Reward <= 1.7 - CSRF to Stored Cross-Site Scripting

The plugin does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting attacks. PoC Put the following payload in the QR setting: "&gt; The XSS will be triggered in the plugin's settin...

WordPress Wechat Reward plugin <= 1.7 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) discovered by 听雨眠 in WordPress Wechat Reward plugin (versions &lt;= 1.7). Solution Deactivate and delete. This plugin has been closed as of August 10, 2021 and is not available for download. Reason: Security...

Wechat Reward <= 1.7 - CSRF to Stored Cross-Site Scripting

The plugin does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting...

Cross-site Scripting (XSS) - Stored in zoujingli/thinkadmin

Description Stored XSS Content allows for the arbitrary execution of JavaScript # Proof of Concept ``` In Wechat management at feature - Reply rule management - Follow reply configuration - Default reply configuration - Follow automatic replies Save Reply text with payload : \x3csVg/\x3e XSS...

YAxisVotePower.balanceOf can be manipulated

Handle cmichel Vulnerability details The YAxisVotePower.balanceOf contract uses the Uniswap pool reserves to compute a _lpStakingYax reward: (uint256 _yaxReserves,,) = yaxisEthUniswapV2Pair.getReserves(); int256 _lpStakingYax = _yaxReserves .mul(_stakeAmount) .div(_supply) ...

Exploit for Vulnerability in Microsoft

〖EXP〗Ladon CVE-2021-40444 Office漏洞复现 漏洞概述...

The Rise of Disruptive Ransomware Attacks: A Call To Action

Our collective use of and dependence on technology has come quite a long way since 1989. That year, the first documented ransomware attack — the AIDS Trojan — was spread via physical media (5 1⁄4" floppy disks) delivered by the postal service to individuals subscribed to a mailing list. The...

CVE-2021-33599

A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the...

CVE-2021-33599

A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the...

Design/Logic Flaw

A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the...

CVE-2021-33599 Denial-of-Service (DoS) Vulnerability

A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the...

Exploit for Injection in Atlassian Confluence

CVE-2021-26084-Confluence-OGNL...

Microsoft Edge for Android信息泄露漏洞

Microsoft Edge for Android is a web browser for Android from Microsoft Corporation (USA). The vulnerability is caused by errors in the configuration of the network system or product during operation, which can be exploited by attackers to obtain sensitive...

Brute-Force Attacks Target Inboxes for Gift Card Data

Threat actors are compromising up to 100,000 inboxes daily in a campaign that targets gift card and customer-loyalty program data in hopes of reselling it or cashing in on freebies, a security researcher has found. The actors behind the scam—outlined in a post by Brian Krebs on Krebs on...

SQL injection vulnerability exists in Tongda OA (CNVD-2021-73171)

OA (Office Anywhere Network Intelligent Office System) is a collaborative office automation software independently developed by Beijing Tongda Xinke Technology Co. There is a SQL injection vulnerability in Tongda OA, attackers can use the vulnerability to obtain sensitive information in the...

Guangdong Agricultural Credit Weixin public number has a logic flaw vulnerability

Guangdong Farm Credit WeChat Public Number is the official WeChat public number of Guangdong Rural Credit Union, mainly promoting the financial services and reform and development achievements of the provincial federation and the province's agricultural commercial banks (agricultural credit...

SQL injection vulnerability exists in Gridview of Dawning Information Industry Co.

Gridview is an integrated high-performance computing platform comprehensive management system. There is a SQL injection vulnerability in Gridview, which can be exploited by attackers to obtain sensitive database...

CVE-2021-33598

A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service....

CVE-2021-33598

A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service....

Denial of service

A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service....

CVE-2021-33598 Denial-of-Service (DoS) Vulnerability

A Denial-of-Service (DoS) vulnerability was discovered in all versions of F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service....

Exploit for Allocation of Resources Without Limits or Throttling in Helpsystems Cobalt Strike

CVE-2021-36798 CVE-2021-36798 Cobalt Strike &lt; 4.3 dos ...

Malicious Ads Target Cryptocurrency Users With Cinobi Banking Trojan

A new social engineering-based malvertising campaign targeting Japan has been found to deliver a malicious application that deploys a banking trojan on compromised Windows machines to steal credentials associated with cryptocurrency accounts. The application masquerades as an animated porn game, a....

Exchange ProxyOracle 信息泄露漏洞利用链（CVE-2021-31195、 CVE-2021-31196）

...

Rewards accumaulated can stay constant and oftern not increment

Handle moose-code Vulnerability details Impact rewardsPerToken_.accumulated can stay constant while rewardsPerToken_.lastUpdated is continually updated, leading to no actual rewards being distributed. I.e. No rewards accumulate. Proof of Concept Line 115, rewardsPerToken_.accumulated could stay...

WeChat public backend system has XSS vulnerability

WeChat public number belongs to Tencent, which is an application account applied by developers or merchants on the WeChat public platform. The account is interoperable with QQ accounts, and the platform enables all-round communication and interaction with specific groups of people in text,...

ERC20Rewards.sol: Consider making rewardsToken immutable

Handle hickuphh3 Vulnerability details Impact While it might seem like a good feature to have, being able to switch reward tokens will only be useful for tokens which are equivalent in value (probably stablecoins, pegged tokens) since it carries over unclaimed rewards from the previous reward...

Rewards squatting - setting rewards in different ERC20 tokens opens various economic attacks.

Handle moose-code Vulnerability details Impact Users have essentially have an option to either claim currently earned reward amounts on future rewards tokens, or the current rewards token. Although stated on line 84, it does not take into account the implications and lock in this contract will...

ERC20Rewards returns wrong rewards if no tokens initially exist

Handle cmichel Vulnerability details The ERC20Rewards.updateRewardsPerToken function exits without updating rewardsPerToken.lastUpdated if totalSupply is zero, i.e., if there are no tokens initially. This leads to an error if there is an active rewards period but not tokens have been minted yet....

ERC20Rewards breaks when setting a different token

Handle cmichel Vulnerability details The setRewards function allows setting a different token. Holders of a previous reward period cannot all be paid out and will receive their old reward amount in the new token. This leads to issues when the new token is more (less) valuable, or uses different...

Friends Reunion Anchors Video Swindle

The second quarter saw a rise in entertainment lures for fraud and phishing, including one campaign capitalizing on the buzz around “Friends: The Reunion.” Researchers at Kaspersky found fake sites supposedly hosting video for the much-anticipated special episode of the popular sitcom, according...

CVE-2021-33595

A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address...

CVE-2021-33595

A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address...

CVE-2021-33594

An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A...

CVE-2021-33594

An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A...

Spoofing

A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address...

Spoofing

An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A...

CVE-2021-33594 F-Secure Safe browser for Android vulnerable to Address Bar Spoofing

An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A...

CVE-2021-33595 F-Secure Safe browser for iOS vulnerable to Address Bar Spoofing

A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address...

Jeecms background exists arbitrary file download vulnerability

jeecms is a content management system developed by Jiangxi Jinlei Technology Development Co., Ltd. that supports WeChat applets, WeChat public/service numbers, column models, content model cross-customization, and content e-commerce with payment and financial settlement. jeecms background exists...

Denial of Service in cortezaproject/corteza-server

You can put a very long login email text until you get the last user to put and aries or [DoS]. Normally emails have 64 to 225 digits. Summary There is no limit to the number of characters in the login email, which allows a DoS attack. The DoS attack affects both server-side and client-side. NOTE:....

BlackShield Network Security Audit System has a weak password vulnerability

Fujian Strait Information Technology Co., Ltd. is a state-controlled high-tech enterprise, specializing in technical research, product sales, information security services and other businesses in the field of network security technology. There is a weak password vulnerability in the BlackShield...

CVE-2021-33596

Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded...

CVE-2021-33597

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the...

CVE-2021-33597

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the...

CVE-2021-33596

Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded...

Design/Logic Flaw

Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded...

Denial of service

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the...

CVE-2021-33597 Denial-of-Service (DoS) Vulnerability

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the...