198 matches found
SUSE CVE-2007-3007
PHP 5 before 5.2.3 does not enforce the openbasedir or safemode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function...
SUSE CVE-2007-6061
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service recording deadlock by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete...
SUSE CVE-2011-4690
Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...
SUSE CVE-2011-4691
Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...
SUSE CVE-2018-6556
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a...
OESA-2023-1075 lxc security update
Containers are insulated areas inside a system, which have their own namespace for filesystem, network, PID, IPC, CPU and memory allocation and which can be created using the Control Group and Namespace features included in the Linux kernel. Security Fixes: lxc-user-nic in lxc through 5.0.1 is...
Micro Focus NetIQ Identity Manager 安全漏洞
Micro Focus NetIQ Identity Manager is a suite of identity management solutions from Micro Focus UK. The solution provides the foundation for account provisioning, user self-service, authorization and Web services, and supports data sharing and synchronization. A security vulnerability exists in...
Solmate safetransfer and safetransferfrom does not check the codesize of the token address, which may lead to fund loss
Lines of code Vulnerability details Impact Possible miscalculation and loss of funds. Proof of Concept In AstariaRouter.commitToLiens, the safetransfer and safetransferfrom doesn’t check the existence of code at the token address. This is a known issue while using solmate’s libraries.Hence this m...
Proper use of dependecy
Lines of code Vulnerability details Impact Using safeTransferFrom of solmate. There is no checking the token address is exist Proof of Concept After consulting the dev, the only check for making sure the token exist is a list on the UI/fontend side. A highly motivated attacker can easily disable...
SOLMATE SAFETRANSFER AND SAFETRANSFERFROM DOES NOT CHECK THE CODESIZE OF THE TOKEN ADDRESS, WHICH MAY LEAD TO FUND LOSS
Lines of code Vulnerability details Impact Reference from a previous Contrest : In uniswapV3SwapCallback and sendPaprFromAuctionFees the safetransfer and safetransferfrom doesn’t check the existence of code at the token address. This is a known issue while using solmate’s libraries. Hence this ma...
CVE-2022-46382
RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4.8.5, 4.9 through 4.9.12, and 4.10 through 4.10.8 has Insecure Permissions. After signing into Digital Rebar, users are issued authentication tokens tied to their account to perform actions within Digital Rebar. During the...
CVE-2022-46382
Summary: CVE-2022-46382 affects RackN Digital Rebar up to version 4.10.8, where authentication tokens issued after login could still authorize actions even if the user account no longer exists. The root cause is insecure token validation during the lifecycle of a user account, enabling deleted us...
GHSA-96VH-4RFP-C42C HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere
The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it...
Not checking if tokenId exist on distributeFees
Lines of code Vulnerability details Impact Not checking if tokenId exist on distributeFees can set the msg.value to uncreated tokenId Proof of Concept For example an Owner mistakenly call distributeFee with a tokenId which doesn't exist, then the function will success, but unfortunately any user...
OESA-2022-2056 three-eight-nine-ds-base security update
389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration. Security Fixes: When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an...
Lack of a contract existence check may lead to undefined behavior
Lines of code Vulnerability details Impact Low-level calls call/delegatecall/staticcall return true even if the account called is non-existent per EVM design. Solidity documentation warns: “The low-level functions call, delegatecall and staticcall return true as their first return value if the...
Lack of check for contract existance can cause loss of funds during transfers
Lines of code Vulnerability details Impact The current transfers will not check if the to address is for an existing token contract. This can cause loss of funds if an user attempts to make a swap for a tokens added to a pool and destructed later. Proof of Concept TokenA gets added to a pool The...
CVE-2022-40637
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...
CVE-2022-20300
In Content, there is a possible way to check if the given account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2022-20300
In Content, there is a possible way to check if the given account exists on the device due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...