Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets

In yet another sign of a lucrative crimeware-as-a-service CaaS ecosystem, cybersecurity researchers have discovered a new Windows-based information stealer called Meduza Stealer that's actively being developed by its author to evade detection by software solutions. "The Meduza Stealer has a...

An error could lead to coins not being returned to user

Lines of code Vulnerability details Impact The function swapCoins does check that SendCoins does receive them correctly here but not when sending them to the user here Proof of Concept If there is an error returning the swapped coins to the user, they will remain locked. There is no history of...

[SECURITY] Fedora 38 Update: radare2-5.8.6-1.fc38

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

[SECURITY] Fedora 37 Update: radare2-5.8.6-1.fc37

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

PrinterLogic Build 1.0.757 XSS / SQL Injection / Authentication Bypass

PrinterLogic SaaS, multiple vulnerabilities =========================================================== PrinterLogic's Enterprise Print Management software allows IT professionals to simplify printer driver management and empower end users. -- https://www.printerlogic.com/ Background...

Check if the token of projectId matches the projectToken of the JBXBuybackDelegate

Lines of code Vulnerability details Impact At line 202, the amountReceived returned by the swap function is based on the projectToken defined in JBXBuybackDelegate. This will incorrectly trigger the mint function and because there is no verification of projectToken, it will mistakenly mint...

Invalid

Lines of code Vulnerability details Assessed type Other --- The text was updated successfully, but these errors were encountered: All reactions...

CVE-2023-23448

Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code...

Imperva Red Team Discovers Vulnerability in TikTok That Can Reveal User Activity and Information

TL;DR The Imperva Red Team discovered a vulnerability in TikTok, a popular social media platform with more than one billion users worldwide, that could allow attackers to monitor users activity on both mobile and desktop devices. This vulnerability, which has now been fixed, was caused by a windo...

Burn logic issue due to lack of checking parameter 0 in burnWithReserve function

Lines of code Vulnerability details Impact The token quantity is sent to 0 and then the token is internally burned, causing a logic problem. Proof of Concept 1. burnWithReserve - reservePPM = 0 2. calculateFreedAmount call - The result is scaled by the ratio of currentReserve and minterReserve...

Grepmarx - A Source Code Static Analysis Platform For AppSec Enthusiasts

Grepmarx is a web application providing a single platform to quickly understand, analyze and identify vulnerabilities in possibly large and unknown code bases. Features SAST Static Analysis Security Testing capabilities: Multiple languages support: C/C++, C, Go, HTML, Java, Kotlin, JavaScript,...

NAPLISTENER: New Malware in REF2924 Group's Arsenal for Bypassing Detection

The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in South and Southeast Asia. The malware, dubbed NAPLISTENER by Elastic Security Labs, is an HTTP listener programmed in C and is designed to evade "network-based forms of...

Return value unchecked - leads to privilege escalation

Lines of code Vulnerability details Impact The application doesn't check the return value of isGrantes properly Proof of Concept no check on the return value only exception handled Tools Used slither Recommended Mitigation Steps check the return value or force it for the implementing class --- Th...

APKHunt - Comprehensive Static Code Analysis Tool For Android Apps That Is Based On The OWASP MASVS Framework

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their cod...

MAL-2023-6625 Malicious code in selfsplitreplacecraft (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 7df84fb9d259d10ace99c1e37391c7d1a2a641f28aa55e746f5bca57e8b03488 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Allowance isn't reduced on transfer if it is type(uint).max

Lines of code Vulnerability details Impact Allowance isn't reduced on transfer if it is typeuint.max. By design of the ERC20 token, if the spender is not the sender, allowance must always be deducted after the transfer. Proof of Concept / Get the allowance, infinite for the account owner / uint...

recoverTimelock can have a value shorter than the winner's deadline to claim

Lines of code Vulnerability details Impact The value of recoverTimelock is checked to be greater than a week and less than a year, but it should never be allowed to be shorter than block.timestamp + settings.drawBufferTime, which is the time given to the winner to claim the NFT. Otherwise it coul...

Draw can be configured without uncancellable-redraw mechanism

Lines of code Vulnerability details Description RandomDraw initialize contains several checks for the range of drawBufferTime and recoveryTimelock. redraw buffer time can be between 1 hour and 1 month, while recoveryTimelock is between 1 week and 1 year from now. The issue is that the relative...

Long and short tokens can continue to be minted even after expiry

Lines of code Vulnerability details Impact Users can mint after expiry but before the final price has been set Proof of Concept function mintuint256 amount external override nonReentrant returns uint256 requirefinalLongPayout MAXPAYOUT, "Market ended"; requirecollateral.balanceOfmsg.sender =...

Trader can still execute the order even after cancelling the order

Lines of code Vulnerability details Impact There are no checks to verify whether the order has been cancelled or not in execute function. This will enable traders to place the order even after cancellation Proof of Concept Execute cancelOrder function with Order data Include the Order in input of...