微信打赏（Wechat Reward) Security Vulnerabilities

First user can drain funds from staking contract

Lines of code Vulnerability details Impact If the first user locks an extremely small amount of tokens (1 wei), he can manipulate the reward that is supposed to receive. After locking a small amount, he can unlock it before the second user interacts with the contract. See PoC for more details....

contract has the tendency to mint more tokens than it actually has

Lines of code Vulnerability details Impact If the contract does not have enough esLBR tokens to mint and transfer as rewards, users will not be able to claim their rewards even if they have earned them. Proof of Concept There is no check to ensure that the contract's balance of esLBR tokens is...

Information leakage vulnerability in Dual Open Assistant Micro Divergence Edition

Dual Open Assistant Micro Diversion is an app diversion soft. Dual Open Assistant Micro Diversion Edition suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive...

Exploit for Double Free in Openbsd Openssh

CVE-2023-25136 OpenSSH 9.1漏洞大规模扫描和利用 *脆弱性的详细信息...

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Nikita Kislitsin, formerly the head of network security for one of Russia's top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin's prosecution could soon put the Kazakhstan government in.....

Logic Flaw Vulnerability in T+ (CNVD-2023-62863)

T+ is a new Internet business management software. A logic flaw vulnerability exists in Changjitong T+, which can be exploited by an attacker to delete arbitrary...

Exploit for Improper Ownership Management in Linux Linux Kernel

typora-copy-images-to: ./image CVE-2023-0386 Exp...

How cybercrime is impacting SMBs in 2023

According to the United Nations, small and medium-sized businesses (SMBs) constitute 90 percent of all companies and contribute 60 to 70 percent of all jobs in the world. They generate 50 percent of global gross domestic product and form the backbone of most countries' economies. Hit hardest by...

Gibbon v25.0.0 - Local File Inclusion

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's...

A week in security (June 19 - 25)

Last week on Malwarebytes Labs: Microsoft Azure AD flaw can lead to account takeover 5 facts to know about the Royal ransomware gang Malwarebytes only vendor to win every MRG Effitas award in 2022 & 2023 UPS warns customers of phishing attempts after data accessed 6 tips for a cybersecure...

JeecgBoot 3.5.0 - SQL Injection

jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show...

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 12, 2023 to June 18, 2023)

Last week, there were 60 vulnerabilities disclosed in 52 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 25 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

Vega's validators able to submit duplicate transactions

A vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resulting....

Vega's validators able to submit duplicate transactions

A vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resulting....

Exploit for SQL Injection in Jeecg Jeecg-Boot

CVE-2023-1454 Jeecg-Boot-qurestSql-SQLvuln...

US dangles $10 million reward for information about Cl0p ransomware gang

The US Department of State's national security rewards program, Rewards for Justice (RFJ), is offering a reward of up to $10 million for information linking the Cl0p ransomware gang, or any other malicious cyber actors targeting US critical infrastructure, to a foreign government. Advisory from...

Jeecg P3 Biz Chat - Local File Inclusion

Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific...

Exploit for CVE-2023-23752

CVE-2023-23752 Joomla未授权访问漏洞 fofa: product="Joomla"...

What You Need To Know About MOVEit

The MOVEit Vulnerabilities and Latest Exploits. Impact On Governmental Agencies And Large Organizations Governmental agencies and large organizations around the world are being hit by ransomware attacks exploiting several vulnerabilities in MOVEit, a widely used file transfer solution. The...

CVE-2023-3232

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. This issue affects some unknown processing of the file /api/wechat/app_auth of the component Image Upload. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used......

CVE-2023-3232

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. This issue affects some unknown processing of the file /api/wechat/app_auth of the component Image Upload. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used......

CVE-2023-3232

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. This issue affects some unknown processing of the file /api/wechat/app_auth of the component Image Upload. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used......

Deserialization of untrusted data

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. This issue affects some unknown processing of the file /api/wechat/app_auth of the component Image Upload. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used......

CVE-2023-3232 Zhong Bang CRMEB Image Upload app_auth deserialization

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. This issue affects some unknown processing of the file /api/wechat/app_auth of the component Image Upload. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used......

Changjitong T+ Remote Command Execution Vulnerability

T+ is a new Internet-based business management software. A remote command execution vulnerability exists in T+, which can be exploited by an attacker to execute arbitrary commands on the target...

Two Russian Nationals Charged for Masterminding Mt. Gox Crypto Exchange Hack

The U.S. Department of Justice (DoJ) has charged two Russian nationals in connection with masterminding the 2014 digital heist of the now-defunct cryptocurrency exchange Mt. Gox. According to unsealed indictments released last week, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, have been...

GitHub’s revamped VIP Bug Bounty Program

GitHub’s bug bounty team has had an exciting start to the year. We launched our very own swag store, allowing researchers to earn exclusive bug bounty branded swag as a bonus perk to their earned bounty reward, and held two private beta feature engagements, which brought us great findings by our...

Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme

A previously undetected cryptocurrency scam has leveraged a constellation of over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021. "This massive campaign has likely resulted in thousands of people being scammed worldwide," Trend Micro researchers.....

KesionCMS X 9.5 Add Administrator

...

When deploying a contract in PermissionlessNodeRegistry.deployNodeELRewardVault(), an attacker can find out in advance the address of the future deployed contract and deploy his own at this address

Lines of code https://github.com/code-423n4/2023-06-stader/blob/main/contracts/factory/VaultFactory.sol#L48-L60 Vulnerability details Impact The address of the new contract depends solely on the _salt parameter, which is calculated from user-provided data. Once a user's create transaction is...

Insecure State settleFunds function, state update

Lines of code Vulnerability details Impact The impact of this finding is that an unauthorized party can manipulate the state of the vaultSettleStatus variable before executing critical operations related to penalty marking, fund distribution, and reward deposits. This can potentially disrupt the...

sell reward rTokens at low price because of skiping furnace.melt

Lines of code Vulnerability details Impact The reward rToken sent to RevenueTrader will be sold at a low price. RSR stakers will lose some of their profits. Proof of Concept RevenueTraderP1.manageToken function is used to launch auctions for any erc20 tokens sent to it. For the RevenueTrader of...

User with large stacked ETH can deny other stacker from withdrawing.

Lines of code Vulnerability details Description The withdraw flow of Stader splitted in two steps, first the user has to requestWithdraw by passing his owned ETHx amount which add a new record to userWithdrawRequests[nextRequestId], second, finalizeUserWithdrawalRequest got called by any user to...

UNJUSTIFIED ZERO INDEX VALIDATION HINDERS INDEX VALUE OF 0

Lines of code Vulnerability details Impact SocializingPool.verifyProof currently incorporates a zero index check which blocks the entry of an index value of 0. While this check is designed to prevent the use of invalid index values, it inadvertently prohibits the valid index value of 0. This may...

Users who stake at the end of a freeze would get rewards as if they've staked before the freeze

Lines of code Vulnerability details This one was reported in the first contest, it was mitigated but a code change that was made since then brings it back again. Impact Users who stake while frozen would get a share of the rewards for the period since the last call to payoutRewards(). This means...

Exchange rate is stale for deposit to calculate shares

Lines of code https://github.com/code-423n4/2023-06-stader/blob/main/contracts/ValidatorWithdrawalVault.sol#L77 https://github.com/code-423n4/2023-06-stader/blob/main/contracts/NodeELRewardVault.sol#L36 Vulnerability details Impact The attacker can take profit with the delayed exchange rate...

No stale data check on data being read from POR feed

Lines of code Vulnerability details Impact Stale data of exchange rate data being used protocol, resulting in loss in terms of ETHX being minted at stale exchange rate (which won't have accounted for new reward) Recommended Mitigation Steps Check lastUpdatedAt timestamp and that it is within...

Kesion CMS X 2.0 Add Administrator

...

Exploit for Code Injection in Vmware Spring Framework

Spring RCE CVE-2022-22965 漏洞环境 环境信息 * springboot *...

Swift support brings broader mobile application security to GitHub Advanced Security

Mobile applications have become a fundamental part of everyday life, from how we work, communicate, and entertain ourselves. We rely on mobile applications for their convenience, ease of use, and ability to provide access to a wide range of services and information on the go. At GitHub, we want to....

Exploit for Code Injection in Apache Rocketmq

0x01 简介 此工具是一款用于 RocketMQ RCE (CVE-2023-33246) woodpecker...

Exploit for Code Injection in Apache Rocketmq

0x01 简介 此工具是一款用于 RocketMQ RCE (CVE-2023-33246) woodpecker...

KesionCMS ASP 9.5 Add Administrator

...

Information Disclosure Vulnerability in Baseline Verification System of Deepcore Technology Co.

Founded in 2000, DeepSign Technology Co., Ltd. is a product and service provider specializing in enterprise-class network security, cloud computing, IT infrastructure and the Internet of Things (IoT). An information disclosure vulnerability exists in the baseline verification system of DeepService....

missing permission check for API /setting/workspace/member/update

Proof of Concept 1 user1 是workspace1的空间管理员 2 user2 是workspace1的成员 3 user1 更新user2的信息，比如将其更新为空间管理员 4 使用burpsuite拦截请求 ``` POST /setting/workspace/member/update HTTP/1.1 Host: 192.168.213.128:8081 Content-Length: 144 Accept-Language: zh-CN WORKSPACE: bd6fc04b-15af-43dc-8cb6-411deaec81a7...

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)

Last week, there were 82 vulnerabilities disclosed in 59 WordPress Plugins and 11 WordPress themes, along with 6 in WordPress Core, that have been added to the Wordfence Intelligence Vulnerability Database, and there were 26 Vulnerability Researchers that contributed to WordPress Security last...

Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware

We would like to thank The Citizen Lab for their cooperation, support and inputs into this research. Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a...

Command Execution Vulnerability in LiveGBS of Anhui Green Persimmon Information Technology Co. Ltd (CNVD-2023-59132)

Anhui Green Persimmon Information Technology Co., Ltd. is an enterprise mainly engaged in software and information technology service industry. A command execution vulnerability exists in LiveGBS of Anhui Green Persimmon Information Technology Co. Ltd. that can be exploited by attackers to gain...

Arbitrary File Read Vulnerability in M7160DW of Zhuhai Pento Printing Technology Co.

The M7160DW is a black-and-white laser MFP that supports printing, copying and scanning functions with USB, wired network, LAN and WIFI connectivity. The M7160DW of Zhuhai Pento Printing Technology Co., Ltd. suffers from an arbitrary file read vulnerability, which can be exploited by an attacker...

Exploit for Improper Input Validation in Microsoft

CVE-2023-21554-PoC CVE-2023-21554 Windows...