Exploring the Vulnerabilities of Seaport: A Technical Analysis of a Fake Signature Attack on Non-Fungible Tokens

Lines of code Vulnerability details Impact This finding aims to provide a comprehensive analysis of the sc4m trend, which emerged in August 2022, and has since been a prevalent issue in the WEB3 space. Despite efforts to combat this phenomenon, bad actors continue to engage in illicit activities,...

Solmate's ERC20 does not check for token contract's existence

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Not checking for token existence is a know issue for Solmate. This can cause unexpected contract functionality for transfers implemented in the codes. Proof of Concept Provide direct links to all...

Wrong implementations in ERC4626RouterBase contract

Lines of code Vulnerability details The ERC4626RouterBase contract contains a set of functions that act as wrappers for a ERC4626 contract, providing a base periphery functionality around a ERC4626 vault. There are a number of different flaws in the wrapped implementations of mint, deposit,...

Server-Side Request Forgery (SSRF)

arc/web is vulnerable to Server-Side Request Forgery SSRF. A remote attacker is able exploit the SSRF vulnerability to abuse server functionality and access or modify resources via the construct function of src/url/Url.php...

CVE-2023-0122

A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmetsetupauth, allows an attacker to perform a Pre-Auth Denial of Service DoS attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...

Null pointer dereference

A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmetsetupauth, allows an attacker to perform a Pre-Auth Denial of Service DoS attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...

Sql injection

A vulnerability was found in VictorFerraresi pokemon-database-php. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named dd0e1e6cdf648d6a3deff441f515bcb1d7573d68. It is recommended to apply a patch...

CVE-2023-22316

Hidden functionality vulnerability in PIX-RT100 versions RT100TEQ2.1.1EQ101 and RT100TEQ2.1.2EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services...

CVE-2023-22316

Hidden functionality vulnerability in PIX-RT100 versions RT100TEQ2.1.1EQ101 and RT100TEQ2.1.2EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services...

Design/Logic Flaw

Hidden functionality vulnerability in PIX-RT100 versions RT100TEQ2.1.1EQ101 and RT100TEQ2.1.2EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services...

CVE-2023-22316

Hidden functionality vulnerability in PIX-RT100 versions RT100TEQ2.1.1EQ101 and RT100TEQ2.1.2EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services...

CVE-2023-22316

Hidden functionality vulnerability in PIX-RT100 versions RT100TEQ2.1.1EQ101 and RT100TEQ2.1.2EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services...

PT-2023-33196 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.83 Description: The issue concerns a use-after-free in the ip6 fragment function. This problem was introduced in version v4.13 and is fixed in Linux Kernel version v5.15.83. The actual impact and attack...

PT-2023-33576 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.17 Description: The issue is related to the eventfd functionality. A helper function, eventfd signal mask, has been introduced. The actual impact and potential for exploitation have not been confirmed yet...

PT-2023-33391 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.269 Description: The issue concerns a use-after-free in the ip6 fragment function. This problem was introduced in version v4.13 and is fixed in Linux Kernel version v4.19.269. The actual impact and attack...

PT-2023-33425 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.302 Description: The issue concerns a use-after-free in the ip6 fragment function. This problem was introduced in version v4.13 and is fixed in Linux Kernel version v4.14.302. The actual impact and attack...

PT-2023-33585 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.17 Description: The issue is related to the pnode functionality, specifically the termination at peers of the source. The actual impact and attack plausibility have not yet been proven. Recommendations: For...

CVE-2023-0122

A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmetsetupauth, allows an attacker to perform a Pre-Auth Denial of Service DoS attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4...

prodigasistemas curupira SQL注入漏洞

curupira is a simple authentication and authorization method from Pródiga Sistemas open source. A SQL injection vulnerability exists in prodigasistemas curupira, which stems from the presence of unknown functionality in the file app/controllers/curupira/passwordscontroller.rb, leading to SQL...

clan7ups SQL注入漏洞

clan7ups is an offshoot of the old Destiny Universal Point System. An SQL injection vulnerability exists in antonbolling clan7ups, which stems from a problem with the unknown functionality of the component Login/Session, leading to SQL injection...