flaw in the RPM package in the read functionality

A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity...

CVE-2023-46482

SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component...

CVE-2023-46482

SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component...

Sql injection

SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component...

CVE-2023-46482

SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component...

PT-2023-30045 · Wuzhicms · Wuzhi Cms

Name of the Vulnerable Software and Affected Versions: wuzhicms version 4.1.0 Description: The issue allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component. This is a SQL injection vulnerability...

[SECURITY] Fedora 39 Update: kitty-0.30.1-2.fc39

Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics images, unicode, true-col or, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and several new...

CVE-2023-46138 JumpServer default admin user email leak password reset

JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...

Lack of functionality to distribute the yield to the USDe stakers.

Lines of code Vulnerability details Impact User will not get the benefit of the yield which is output of their USDe staking. Outcome of yield is the core feature of staking. we are submitting this as high. Proof of Concept An user who is not black listed is allowed to stake their USDe by calling...

Staking functionality temporary blocking due to lack of address zero check

Lines of code Vulnerability details Impact Though lack of zero check issue for the addToBlacklist function is already at the automated findings output, I suppose it is necessary to show the importance of this check here. In case of accidental or malicious the BLACKLISTMANAGERROLE behavior the...

Malicious user can completely prevent all users or users without large funds from staking

Lines of code Vulnerability details Vulnerability Details To prevent the issue with the first-depositor attack donation attack as written in the comments of checkMinShares in StakedUSDe.sol to the staking vault, the checkMinShares function is implemented in the StakedUSDe.sol contract when...

Compromised minter can change route to misdirect user funds

Lines of code Vulnerability details Impact The current security assumption revolves around the compromise of a minter, wherein they mint 200k USDe tokens for themselves and subsequently redeem them within the contract. Under this assumption, as long as the gatekeeper key remains secure, the minte...

Juzaweb CMS Injection Vulnerability

Juzaweb CMS is a content management system developed by Juzaweb Individual Developer based on the Laravel framework and Web platform. A security vulnerability exists in Juzaweb CMS v.3.4 and earlier versions, which originated from a vulnerability that allows remote attackers to execute arbitrary...

CVE-2023-5813 SourceCodester Task Reminder System sql injection

A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=deletereminder. The manipulation of the argument id leads to sql injection. The attack may be launched remotely...

CVE-2023-46234

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

CVE-2023-28803

An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9...

CVE-2023-28803 Traffic being bypassed by ZCC by configuring synthetic IP range as local network

An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Zabbix vulnerabilities (USN-4767-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4767-1 advisory. Fu Chuang discovered that Zabbix did not properly parse IPs. A remote attacker could possibly use this issue to execute arbitrary...

Missing payable modifier in ExecutorPlugin.executeTransaction(): Restricts Use of Native Assets (ETH) with Transactions

Lines of code Vulnerability details Impact A registered executor for a submodule cannot send ETH native assets with a transaction because the payable modifier is missing in the executeTransaction function. It's essential to address this issue to ensure full compatibility and functionality for...

CVE-2023-45278

Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request...