微信打赏（Wechat Reward) Security Vulnerabilities

CVE-2023-25715

Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through...

CVE-2023-25715

Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through...

Authorization

Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through...

CVE-2023-25715 WordPress GamiPress Plugin <= 2.5.6 is vulnerable to Broken Access Control

Missing Authorization vulnerability in GamiPress GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.This issue affects GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n/a through...

Should count pending harvest reward and already harvested reward as collateral credit if the collateral is WLP

Lines of code https://github.com/code-423n4/2023-12-initcapital/blob/a53e401529451b208095b3af11862984d0b32177/contracts/core/PosManager.sol#L308 Vulnerability details Impact Should count pending harvest reward and already harvested reward as collateral credit if the collateral is WLP Proof of...

Ten Years Later, New Clues in the Target Breach

On Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. The malware used in the Target breach included the text string "Rescator," which also.....

Exploit for CVE-2023-38831

CVE-2023-38831-EXP ``` _ _ ___ ____...

Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code

Another rare security + squid story: The woman--who has only been identified by her surname, Wang--was having a meal with friends at a hotpot restaurant in Kunming, a city in southwest China. When everyone’s selections arrived at the table, she posted a photo of the spread on the Chinese social...

HackerOne: Some limited confidential information can still be accessed after a user exits a private program

Good morning team!!! I identified a bug where it is possible to access some limited confidential information from a private program even after you have already exited that program. information like: :number of domains :Bounties paid :Number of hackers paid :Response efficiency :Minimum reward and.....

Microsoft Warns of COLDRIVER's Evolving Evasion and Credential-Stealing Tactics

The threat actor known as COLDRIVER has continued to engage in credential theft activities against entities that are of strategic interests to Russia while simultaneously improving its detection evasion capabilities. The Microsoft Threat Intelligence team is tracking under the cluster as Star...

Exploit for Cross-site Scripting in Helpsystems Cobalt Strike

Gui-poc-test A testing tool for...

Earn up to $10,000 for Vulnerabilities in WordPress Software – 6X Rewards in the Wordfence Holiday Bug Extravaganza!

At Wordfence our mission is to Secure The Web. WordPress powers over 40% of the Web, and Wordfence secures over 4 million WordPress websites. Today we are announcing that for the next 20 days, Wordfence will be paying out some of the highest bug bounties in the history of WordPress to help find...

WP Crowdfunding < 2.1.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

WP Crowdfunding < 2.1.8 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) PoC 1. Add a campaign and for the...

Chaty < 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Description The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.2 due to insufficient input sanitization...

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 13, 2023 to November 19, 2023)

Wordfence just launched its bug bounty program. For the first 6 months, all awarded bounties receive a 10% bonus. View the announcement to learn more now! Last week, there were 126 vulnerabilities disclosed in 102 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence...

6 Steps to Accelerate Cybersecurity Incident Response

Modern security tools continue to improve in their ability to defend organizations' networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as quickly as possible. That's why it's.....

Consumer cyberthreats: predictions for 2024

In our previous summary of consumer predictions, we delved into tactics that we expected scammers and cybercriminals to use in 2023. As anticipated, they capitalized on major events and cultural crazes, using tricks that ranged from fake Barbie doll deals to exploiting the buzz around long-awaited....

Why Defenders Should Embrace a Hacker Mindset

Today's security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have...

Exploit for CVE-2023-4357

工具简介 全球首款单文件利用 CVE-2023-4357 Chrome XXE 漏洞...

Exploit for CVE-2023-4357

工具简介 全球首款单文件利用 CVE-2023-4357 Chrome XXE 漏洞...

buggy reward calculation

Lines of code Vulnerability details Impact This is very similar to an inflation attack. Rewards increase whenever _splitFees() is being called which is anywhere (buy/sell/mint/burn). The calculation is done like this: shareData[_id].shareHolderRewardsPerTokenScaled += (shareHolderFee * 1e18) /...

Holder cannot claim fee

Lines of code https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L226-L237 Vulnerability details Impact Assume a user buys some shares and mints it to an NFT and sends the shares to a cold wallet for safety. The following...

user can buy when there's no bonding curve set

Lines of code Vulnerability details Impact Users can buy with no bonding curve set Proof of Concept function buy(uint256 _id, uint256 _amount) external { /// @audit add a check that ensures there's a bonding curve set require(shareData[_id].creator != msg.sender, "Creator cannot buy"); ...

Reentrancy leads to minting/burning/buying without paying the correct amount of fees

Lines of code https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L229 https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L153 Vulnerability details...

There is potential underflow and overflow issues in arithmetic operations in the _getRewardsSinceLastClaim function

Lines of code https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L272-L277 Vulnerability details Impact There are potential underflow and overflow issues in arithmetic operations. Not being able to verify that subtracting...

The user has the ability to bypass a fee claim protection for their own benefit while purchasing tokens

Lines of code Vulnerability details Impact User can bypass a fee claim protection for his own benefit by making multiple purchases instead of one, and as the result claim a fee part by part. Due to code documentation: The reward calculation has to use the old rewards value (pre fee-split) to not...

Unchecked Bonding Curve Lookups in Market validation of _id in buy() and sell() absent.

Lines of code https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L141-L145 https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L132-L136...

SQL Injection Vulnerability in Mobile Phone Service Management Backend of Zhengzhou Zhengda Information Technology Co.

Zhengzhou Zhengda Information Technology Co., Ltd. is a supply chain-industrial chain digitization and financial service solution provider. Zhengzhou Zhengda Information Technology Co., Ltd. mobile service management backend has a SQL injection vulnerability, which can be exploited by attackers to....

Exploit for CVE-2023-38831

winrar漏洞复现教程...

AuctionDemo opens itself several DoS attack vectors

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept The auctionDemo.auctionInfoData map holds important info on auctions, and hold this info per tokenId. Needless to say, for many auctions that may become popular and/or long running, the.....

Fostering Innovation in Web Security

I've always created growth by focusing on free. It started back in 2003 when I launched WorkZoo in London. WorkZoo was a job search engine that ended up being one of Time Magazine's top 50 websites of 2005. These days we take free search capability for granted, but 20 years ago, before Nginx came.....

Vulnerability in Token Withdrawal Function

Lines of code Vulnerability details Impact Flawed logic in token withdrawal function allows for selective withdrawal of high-value tokens and fails in single-token scenarios. // Sum up total amount of each token to withdraw. uint256[] memory withdrawAmounts = new uint256 ;...

Wordfence Launches Bug Bounty Program to Fund WordPress Security Research and Showcase Researchers

At Defiant Inc and Wordfence, our mission is to Secure the Web. A critical component of creating and maintaining a secure online community is the research that reveals vulnerabilities in software. Without this research, only malicious hackers would find vulnerabilities, and they would quietly...

MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused

Lines of code https://github.com/code-423n4/2023-11-betafinance/blob/0f1bb077afe8e8e03093c8f26dc0b7a2983c3e47/Omni_Protocol/src/OmniPool.sol#L303 https://github.com/code-423n4/2023-11-betafinance/blob/0f1bb077afe8e8e03093c8f26dc0b7a2983c3e47/Omni_Protocol/src/OmniToken.sol#L152...

Canada Bans WeChat and Kaspersky Due to Spying Concerns

By Waqas The fate of WeChat and Kaspersky apps on civilian devices remains uncertain. This is a post from HackRead.com Read the original post: Canada Bans WeChat and Kaspersky Due to Spying...

Canada Bans WeChat and Kaspersky Apps On Government Devices

Canada on Monday announced a ban on the use of apps from Tencent and Kaspersky on government mobile devices, citing an "unacceptable level of risk to privacy and security." "The Government of Canada is committed to keeping government information and networks secure," the Canadian government said......

Exploit for CVE-2021-43226

CVE-2021-43226复现 环境 操作系统：Hyper-V上Win10 20H2...

stakers can withraw reward without waiting the vesting period

Lines of code Vulnerability details Impact stakers can frontrun a reward giving transaction by monitoring the mempool for the function transferInRewards, and stake before it, and then unstake after to get rewards, if the cooldown is off. Proof of Concept imagine a scenario where the cooldown...

Google Expands Its Bug Bounty Program to Tackle Artificial Intelligence Threats

Google has announced that it's expanding its Vulnerability Rewards Program (VRP) to compensate researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in an effort to bolster AI safety and security. "Generative AI raises new and different concerns than.....

Exploit for CVE-2023-22515

CVE-2023-22515 CVE-2023-22515 Confluence Broken Access...

M-05 Unmitigated

Lines of code Vulnerability details Mitigation of M-05: Issue NOT mitigated Mitigated issue M-05: Reward sandwiching in VotiumStrategy The issue was that exposure to the benefits of the VotiumStrategy might be unfairly time-weighted. There were two aspects mentioned: voting power and rewards. I do....

[ADRIRO-NEW-H-02] Users loses their share of rewards while waiting for withdrawal

Lines of code Vulnerability details Summary Withdrawals in AfEth undergo a delay until the underlying CVX tokens can be withdrawn. Depositors need to request a withdrawal and wait until the required withdrawal epoch before making their withdrawal effective. During this period of time, they will...

[ADRIRO-NEW-H-01] VotiumStrategy withdrawal can still be executed with minimal delay

Lines of code Vulnerability details Summary Within the mitigation changes, the sponsor has introduced a minimum delay of one epoch for VotiumStrategy withdrawals, in order to mitigate different issues related to the exposure to CVX . The fix contains an edge case which could still be used to make.....

M-07 Unmitigated

Lines of code Vulnerability details Mitigation of M-07: Issue NOT fully mitigated with ERROR Mitigated issue M-07: Lack of access control and value validation in the reward flow exposes functions to public access The issue was that anyone can deposit rewards to AfEth, and that if AfEth or...

M-05 Unmitigated

Lines of code Vulnerability details Original Issue M-05: Reward sandwiching in VotiumStrategy Details The issue outlined above is about making instant profit by depositing before the boost happens and withdrawing right after the boost occurs. Those who locked their positions for 16+ weeks get...

Qixingchen Tianyue Network Security Audit System-Internet Behavior Control Exists Information Leakage Vulnerability

Internet Behavior Manager (IBM), a new-generation high-performance Internet behavior management product, is equipped with the functions of integrated network access, control, optimization, audit and operation. There is an information leakage vulnerability in Qixingchen Tianyue Network Security...

Unleashing the Power of the Internet of Things and Cyber Security

Due to the rapid evolution of technology, the Internet of Things (IoT) is changing the way business is conducted around the world. This advancement and the power of the IoT have been nothing short of transformational in making data-driven decisions, accelerating efficiencies, and streamlining...

Exploit for Improper Authentication in Fit2Cloud Jumpserver

CVE-2023-42442 CVE-2023-42442 JumpServer Session 录像任意下载漏洞...

Exploit for CVE-2023-23752

CVE-2023-23752 - Recurrence of Joomla Unauthorized Access...