1439 matches found

CNNVD
added 2023/07/31 12:0 a.m. · 4 views

fossbilling code issue vulnerability

fossbilling is a free open source solution for efficient billing and customer management. A code issue vulnerability exists in versions prior to fossbilling 0.5.5 that stems from the presence of an insufficient session expiration time...

9.8 CVSS · 5.8 AI score · 0.00409 EPSS
Exploits 0 · References 3
Code423n4
added 2023/07/28 12:0 a.m. · 48 views

Arbitrary from in transferFrom

Lines of code Vulnerability details Impact function aaddress from, address to, uint256 amount public erc20.transferFromfrom, to, am; Alice approves this contract to spend her ERC20 tokens. Bob can call a and specify Alice's address as the from parameter in transferFrom, allowing him to transfer...

6.8 AI score
Exploits 0
Positive Technologies
added 2023/07/24 12:0 a.m. · 2 views

PT-2023-26527 · Apple · Macos Monterey +3

Name of the Vulnerable Software and Affected Versions: macOS Big Sur versions 11.7.9 and earlier; macOS Monterey versions 12.6.8 and earlier; macOS Ventura versions 13.5 and earlier. Description: The issue allows an app to modify protected parts of the file system. This was addressed by removing the...

7.5 CVSS · 7.1 AI score · 0.00577 EPSS
Exploits 0 · References 13
CNNVD
added 2023/07/23 12:0 a.m. · 3 views

Pointware EasyInventory code issue vulnerability

Pointware EasyInventory is an application from Pointware, Inc. A code issue vulnerability exists in Pointware EasyInventory version 1.0.12.0, which stems from the file Easy2W.exe using an unquoted search path, allowing an attacker to access resources in the parent path...

7.8 CVSS · 7.4 AI score · 0.00201 EPSS
Exploits 0 · References 3
CNNVD
added 2023/07/21 12:0 a.m. · 3 views

Chengdu Flash Flood Disaster Monitoring and Warning System code issue vulnerability

Chengdu Flash Flood Disaster Monitoring and Warning System is a flash flood disaster monitoring and warning system in Chengdu. A code issue exists in version 2.0 of the Chengdu Flash Flood Disaster Monitoring and Warning System where an incorrect operation of the parameter userFile can lead to...

9.8 CVSS · 6.5 AI score · 0.00742 EPSS
Exploits 1 · References 4
CVE
added 2023/07/13 11:25 a.m. · 56 views

CVE-2023-2003

CVE-2023-2003 affects Unitronics Vision1210 (OS version 4.3, build 5). A remote attacker could store base64-encoded malicious code in device data tables via the PCOM protocol, which can later be retrieved by a client and executed on the device. Public sources describe this as an embedded maliciou...

9.8 CVSS · 9.2 AI score · 0.00907 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2023/07/04 12:0 a.m. · 3 views

SourceCodester Shopping Website code issue vulnerability

SourceCodester Shopping Website is a shopping website type CMS. A code issue vulnerability exists in SourceCodester Shopping Website version 1.0, which stems from a problem with the file insert-product.php that can lead to unrestricted file uploads...

8.8 CVSS · 6.9 AI score · 0.00775 EPSS
Exploits 1 · References 5
Code423n4
added 2023/07/03 12:0 a.m. · 13 views

proposals view function returns wrong voting results

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Even though the votes are calculated correctly, the proposals view function returns wrong voting results, returning forVotes results as againstVotes amount. This would negatively impact the users...

6.9 AI score
Exploits 0
Vulnrichment
added 2023/06/29 12:0 a.m. · 6 views

CVE-2020-26710

easy-parse v0.1.1 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

8.6 AI score · 0.00727 EPSS
Exploits 0 · References 1
Prion
added 2023/06/27 2:15 p.m. · 15 views

Cross site request forgery (csrf)

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF...

4.3 CVSS · 6.5 AI score · 0.00307 EPSS
Exploits 1 · References 1 · Affected Software 1
Code423n4
added 2023/06/23 12:0 a.m. · 9 views

AutoSwapThreshold field is not checked for exceeding MaxAutoSwapThreshold constant

Lines of code Vulnerability details Impact The validateAutoSwapThreshold function has a problem: it does not check that the AutoSwapThreshold field is less than or equal to the MaxAutoSwapThreshold constant, which means a malicious user could set the AutoSwapThreshold field to a value that is...

7.2 AI score
Exploits 0
CNNVD
added 2023/06/20 12:0 a.m. · 2 views

Open-Xchange AppSuite code issue vulnerability

Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to manage email, tasks, files, etc. more intuitively. A code issue vulnerability exists in Open-Xchange App Suite that stems from the ability to inject serialized Java objects,...

8.8 CVSS · 8.4 AI score · 0.01083 EPSS
Exploits 0 · References 7
CNNVD
added 2023/06/19 12:0 a.m. · 2 views

Solon code issue vulnerability

Solon is a new ecological application development framework for Java for noear individual developers in China. A code issue vulnerability exists in versions prior to Solon 2.3.3 that stems from allowing deserialization of untrusted data...

9.8 CVSS · 8.6 AI score · 0.00983 EPSS
Exploits 1 · References 3
CNVD
added 2023/06/18 12:0 a.m. · 5 views

Google Android Code Problem Vulnerability (CNVD-2023-53158)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a code issue vulnerability that can be exploited by an attacker to cause a local elevation of privilege that requires no additional execute privileges...

7.8 CVSS · 6.9 AI score · 0.00106 EPSS
Exploits 0 · References 1
CNVD
added 2023/06/18 12:0 a.m. · 7 views

Google Android Code Problem Vulnerability (CNVD-2023-53157)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a code issue vulnerability that can be exploited by an attacker to cause a local privilege escalation without the need for additional execute privileges...

7.8 CVSS · 7.2 AI score · 0.0009 EPSS
Exploits 0 · References 1
Cvelist
added 2023/06/15 12:0 a.m. · 11 views

CVE-2023-21128

In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

7.9 AI score · 0.0009 EPSS
Exploits 0 · References 1
OSV
added 2023/06/13 3:54 a.m. · 9 views

MAL-2023-666 Malicious code in packj (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa234f9cd17f850d24031cd41a8370ad57596e538deb70be48d9fdea3fc4577a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
CNNVD
added 2023/06/13 12:0 a.m. · 4 views

TMT Lockcell code issue vulnerability

TMT Lockcell is an application from TMT Corporation. A code issue vulnerability exists in versions prior to TMT Lockcell 15, which stems from the fact that there is no limit to the number of uploads of a dangerous type of file, which can be exploited by an attacker to perform a command injection...

9.8 CVSS · 8.5 AI score · 0.03711 EPSS
Exploits 1 · References 3
CNNVD
added 2023/06/06 12:0 a.m. · 12 views

Matrix Synapse code issue vulnerability

Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. A code issue vulnerability exists in Matrix Synapse versions prior to 1.85.0 that stems from the url_preview_url_blacklist setting that can be bypassed via oEmbed or URL...

5.4 CVSS · 6.1 AI score · 0.00605 EPSS
Exploits 0 · References 4
Code423n4
added 2023/06/05 12:0 a.m. · 56 views

onlyEOA modifier can be bypassed and leads to loss of user funds (Openzeppelin removed isContract function check)

Lines of code Vulnerability details Impact The onlyEOA modifier is extensively used in L1 as well as L2 smart contracts. It is designed to restrict certain operations to Externally Owned account (EOA). However, a vulnerability exists that may allow the malicious contract to bypass this restriction...

7.2 AI score
Exploits 0