微信打赏（Wechat Reward) Security Vulnerabilities

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Ultimatelysocial Social Media Share Buttons & Social Sharing Icons

CVE-2023-5070 Social Media Share Buttons & Social Sharing...

Exploit for Improper Access Control in Ruijie Rg-Ew1200G Firmware

Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...

Exploit for Improper Authentication in Ruijienetworks Rg-Ew1200G Firmware

Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...

Exploit for Improper Authentication in Ruijienetworks Rg-Ew1200G Firmware

Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...

File Upload Vulnerability in Qixingchen Tianyue Network Security Audit System

Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of users' operations on core IT assets and servers in the network under business environment. A file upload vulnerability exists in Tianyue Network Security Audit System, which can be...

Exploit for Out-of-bounds Write in Haxx Libcurl

免责声明...

CVE-2023-40829

There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and...

CVE-2023-40829

There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and...

Improper access control

There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and...

Command Execution Vulnerability in Tianyue Network Security Audit System of Qixingchen Information Technology Group Co. Ltd (CNVD-2023-85472)

Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of network operation behaviors in business environments. A command execution vulnerability exists in the Tianyue Network Security Audit System of Qixing Information Technology Group Co., Ltd,.....

CVE-2023-40829

There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and...

Microsoft Defender for Endpoint now stops human-operated attacks on its own

Defenders need every edge they can get in the fight against ransomware. Today, we're pleased to announce that Microsoft Defender for Endpoint customers will now be able automatically to disrupt human-operated attacks like ransomware early in the kill chain without needing to deploy any other...

Microsoft Defender for Endpoint now stops human-operated attacks on its own

Defenders need every edge they can get in the fight against ransomware. Today, we're pleased to announce that Microsoft Defender for Endpoint customers will now be able automatically to disrupt human-operated attacks like ransomware early in the kill chain without needing to deploy any other...

Exploit for CVE-2023-38646

CVE-2023-38646...

ClaimConcentratedRewards and claimAmbientRewards don't update liquidity, enabling double rewards claims. Update liquidity after claims.

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L87...

An attacker can exploit the accruing liquidity functionality to accrue liquidity for more weeks than intended.

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L237-L253...

Validate poolIdx input to prevent storage corruption in critical functions.

Lines of code Vulnerability details Impact No validation on poolIdx input for key functions like claimConcentratedRewards. Could pass invalid poolId and corrupt storage. Proof of Concept The claimConcentratedRewards function. It takes in a poolIdx as one of the parameters: function...

Rounding error leading to no reward being sent

Lines of code https://github.com/code-423n4/2023-10-canto/blob/main/canto_ambient/contracts/mixins/LiquidityMining.sol#L277-L280 Vulnerability details Impact Rounding errors could occur if the provided amount is too small, Proof of Concept...

Use of flashloan to inflate timeWeightedWeeklyGlobalAmbLiquidity_[poolIdx][currWeek] and timeWeightedWeeklyPositionAmbLiquidity_[poolIdx][posKey][currWeek]

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L245-L247 Vulnerability details Impact It is possible for a bad player to use flashloan to manipulate the system by making "valuable" LP to get....

Manipulation of Overall Liquidity Calculation

Lines of code Vulnerability details Impact in this part in code : https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L276C12-L290C2 is handle the claiming of rewards for liquidity mining. It calculates...

The Liquidity mining callpath sidecar owner can pull native tokens from the Dex

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/callpaths/LiquidityMiningPath.sol#L74 Vulnerability details Impact The owner of liquidity mining sidecar can pull the native coins that are stored in the CrocSwapDex to...

Race condition on timeWeightedWeeklyGlobalConcLiquidityLastSet_ can lead to incorrect rewards.

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L62...

Event not emitted after sensitive action of setting new concentrated and ambient rewards.

Lines of code Vulnerability details Impact The 'setConcRewards' and 'setAmbRewards' doesn't emit event to to signify to all parties involved the new concentrated and ambient results. Proof of Concept A user not aware of new reward price might suppose he/she have been swindled upon realizing that...

Access control check in the setAmbRewards and setAmbRewards functions is missing

Lines of code Vulnerability details Impact Any user can call the setAmbRewards and setAmbRewards functions and set their values for weeklyReward, which opens up many attack vectors. For example, it is possible to set a large reward and withdraw all funds from the protocol. Proof of Concept...

Lack of proper access restrictions on functions setConcRewards() and setAmbRewards()

Lines of code Vulnerability details Impact Contract Reward distribution can be drained / manipulated Proof of Concept For setConcRewards() and setAmbRewards(), they are both lack of proper access restrictions, leads to the situation that anyone can execute these functions. This oversight presents.....

No access control on protocolCmd and userCmd; potential for abuse.

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/callpaths/LiquidityMiningPath.sol#L41-L52 Vulnerability details Impact There is no access control on the protocolCmd and userCmd functions in LiquidityMiningPath. This...

Protect against griefing by allowing only owner to manipulate global liquidity.

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L156-L168 Vulnerability details Impact There don't seem to be protections against a malicious actor griefing others by manipulating the global.....

Lack of validation allows invalid ticks, impacting data integrity.

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L29-L31...

Unvalidated ticks in claimConcentratedRewards allow unauthorized users to claim undeserved rewards. Validate ticks.

Lines of code Vulnerability details Impact There is no check that the ticks passed into claimConcentratedRewards actually match the position's ticks. A user could pass in arbitrary ticks to try to claim rewards for liquidity they don't own. Proof of Concept The claimConcentratedRewards function...

Reentrancy is possible in claim functions, which call out via .call().

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L256-L289...

LiquidityMining.sol cannot be funded for rewards distribution.

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L285-L289 Vulnerability details During a rewards claim LiquidityMining.sol uses a low-level call with the msg.value as the rewardsToSend to the....

Limit accrueConcentratedPositionTimeWeightedLiquidity calls to prevent reward manipulation.

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L69-L154...

Front-Running Vulnerability: Exploiting Reward Updates for Maximized Payouts

Lines of code https://github.com/code-423n4/2023-10-canto/blob/main/canto_ambient/contracts/mixins/LiquidityMining.sol#L156-L196 https://github.com/code-423n4/2023-10-canto/blob/main/canto_ambient/contracts/mixins/LiquidityMining.sol#L256-L289 Vulnerability details Impact Malicious users claim...

Slippage attack on claiming rewards

Lines of code Vulnerability details Impact Exploiter can abuse slippage to claim more weekly reward. The amount of slippage damage is unclear due to lack of deployment context and testing. Worst case scenario is the exploiter own 100% deposit of single pool allowing extreme slippage to steal...

No poolIdx validation; arbitrary values can corrupt storage, require validation.

Lines of code Vulnerability details Impact No validation on poolIdx input for key functions like claimConcentratedRewards. Could pass invalid poolId and corrupt storage. The claimConcentratedRewards function is defined on LiquidityMining.sol. It takes in a poolIdx as one of the parameters function....

Timestamp Manipulation

Lines of code Vulnerability details Impact there is a problem in that contract especiall when updating tickTrackingIndex within the loop an attacker can manipulate the values of enterTimestamp and exitTimestamp to force tickActiveEnd to be significantly larger than tickActiveStart inflate the...

Exploit for Out-of-bounds Write in Google Chrome

中文 | EN CVE-2023-4863 libwebp dependency...

Exim finally fixes 3 out of 6 vulnerabilities

Exim is a message transfer agent (MTA) originally developed at the University of Cambridge for use on Unix systems connected to the internet, and is freely available under the terms of the GNU General Public Licence. Even though the name may be new to you, a Shodan search revealed 3.5 million...

Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware

New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy. DragonEgg, alongside WyrmSpy (aka AndroidControl), was first disclosed by Lookout in July 2023 as a strain of malware capable of...

User Score Not Updated During Interest Claim, Leading to Incorrect Interest Calculations

Lines of code https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L597-L601 https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L672-L697 Vulnerability details Impact This oversight in the contract logic may lead to incorrect...

Incorrect Score calculation in Prime.sol

Lines of code https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L872-L897 https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/Scores.sol#L1-L70 Vulnerability details Impact Score is not calculated correctly; improperly high weight.....

Update score system can be bricked

Lines of code Vulnerability details Impact The updateScores function is used to manually update users scores, devlopers have shared their reasoning of this in the documentation. Any change in the alpha and the multipliers will unbalace the reward system because the change cannot be propagated to...

function 'accrueInterest(address vToken)' allows too many rewards to be allocated

Lines of code Vulnerability details Impact Malicious users can increase the number of rewards they receive within a block. Proof of Concept In the Prime contract, markets[vToken].rewardIndex is used to determine how many rewards are allocated to Prime token holders, and its value can only be...

Irrevocable token holders can instantly mint a revocable token after burning and bypass the minimum XVS stake for revocable tokens

Lines of code https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L331-L359 https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L365-L382...

A malicious user can avoid unfavorable score updates after alpha/multiplier changes, resulting in accrual of outsized rewards for the attacker at the expense of other users

Lines of code https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L704-L756 https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L623-L639...

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 18, 2023 to September 24, 2023)

Last week, there were 42 vulnerabilities disclosed in 37 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 10 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

Exploit for Improper Authentication in Fit2Cloud Jumpserver

红队攻防之JumpServer未授权访问漏洞(CVE-202......

M-05 MitigationConfirmed

Lines of code Vulnerability details In the previous implementation when stakingContract.totalAllocPoint = 0 stakingContract.withdraw() and stakingContract.deposit() will div 0 , revert This results in StargateRewardableWrapper no longer being able to execute StargateRewardableWrapper.withdraw()...

AfEth collaterals cannot be balanced after ratio is changed

Lines of code Vulnerability details Summary The AfEth ratio between the collaterals can be modified but there is no direct way to balance the assets to follow the new ratio. Impact The AfEth contract contains a configurable parameter ratio that indicates the intended balance between the two...

Missing slippage control while depositing rewards in SafEth and VotiumStrategy

Lines of code Vulnerability details Summary Deposits to SafEth and VotiumStrategy coming from rewards lack slippage control, making them susceptible to sandwich attacks by MEV bots, which can result in a loss of funds for the protocol. Impact Rewards coming from the VotiumStrategy contract are...