CVE-2022-44036

In b2evolution 7.2.5, if configured with adminscanmanipulatesensitivefiles, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to...

Wrong position size calculation in TradingLibrary.pnl()

Lines of code Vulnerability details Impact Users will pay less closing fees than they should when they have a profitable short position. Also, they will pay more fees when they have a lost short position. Proof of Concept TradingLibrary.pnl calculates the new position size like below. function...

The vulnerability of the software package for creating the position control system CX-Position, which is part of the Omron CX-One software suite, lies in the ability to write data beyond the buffer memory. This allows a hacker to execute arbitrary code.

The vulnerability of the software package for creating the position control system CX-Position, which is part of the Omron CX-One software suite, relates to the ability to write data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary...

Not enough margin pulled or burned from user when adding to a position

Lines of code Vulnerability details Impact When adding to a position, the amount of margin pulled from the user is not as much as it should be, which leaks value from the protocol and lowering the collateralization ratio of tigAsset. Proof of Concept In Trading.addToPosition the handleDeposit...

Functions of Trading contract can be reentered by Position.sol#mint

Lines of code Vulnerability details Impact Both the contracts of Position and Trading may not work correctly. Proof of Concept The Position.solmint calls safeMint will trigger a checkOnERC721Received callback, which can be used to reenter. Crackers can use this vulnerability to attack the protoco...

_priceData.price is not verified in _limitClose

Lines of code Vulnerability details Impact In the function limitClose from the TradingExtension contract the priceData.price is not verified with the getVerifiedPrice function instead its value is directly used, and because the the getVerifiedPrice internally calls the function...

Discrepency in the Uniswap V3 position price calculation because of decimals

Lines of code Vulnerability details Impact When the squared root of the Uniswap V3 position is calculated from the getOracleData function, the price may return a very high number in the case that the token1 decimals are strictly superior to the token0 decimals. See: The reason is that at the...

The vulnerability of the software package for creating the CX-Position position control system, which is part of the Omron CX-One software suite, allows a perpetrator to execute arbitrary code.

The vulnerability of the software package for creating the CX-Position position control system, which is part of the Omron CX-One software suite, relates to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created file...

CVE-2022-45480

PC Keyboard WiFi & Bluetooth allows an attacker in a man-in-the-middle position between the server and a connected device to see all data including keypresses in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N...

The vulnerability of the software package for creating the CX-Position position control system, which is part of the Omron CX-One software suite, allows a perpetrator to execute arbitrary code.

The vulnerability of the software package for creating the CX-Position position control system, which is part of the Omron CX-One software suite, relates to the execution of operations outside the buffer in memory when processing NCI files. Exploiting this vulnerability can allow an attacker to...

The vulnerability of the software package for creating the CX-Position position control system, which is part of the Omron CX-One software suite, allows a perpetrator to execute arbitrary code.

The vulnerability of the software package for creating the CX-Position position control system, which is part of the Omron CX-One software suite, relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially creat...

Server side request forgery (ssrf)

An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML such as an SSRF payload into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the "number of recipients" field...

uint16 type for the facet position and selector position

Lines of code Vulnerability details Description In the Diamond library there is uint16 type used for the facet position and selector position in the FacetToSelectors and SelectorToFacet structs. That creates a restriction that the number of facets is limited by 2^16. In case when the number of...

CVE-2022-39348

A host header injection flaw was found in the twisted event-based framework's web module. When the host header does not match a configured host, the web module will render unescaped characters into the 404 response. This can result in HTML and script injection. For this vulnerability to be...

Design/Logic Flaw

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user in a privileged network position may be able to intercept mail credentials...

Spotlight: Women of Coalfire part 3

In this spotlight series, we are recognizing some of the women at Coalfire who have shattered glass ceilings and forged their own paths despite the obstacles they faced. Karen Laughton and Michi Everett are two of these women. Karen was the first female to hold an executive position in delivery a...

CVE-2022-3497

A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to laun...

Cross site scripting

A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to laun...

PT-2022-22465 · Sourcecodester · Sourcecodester Human Resource Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Human Resource Management System version 1.0 Description: A vulnerability was found in the Master List component, where the manipulation of the city, state, country, or position argument leads to cross-site scripting. This issu...

Human Resource Management System 跨站脚本漏洞

Human Resource Management System is a human resource management system by maverickosama Personal Developer. A cross-site scripting vulnerability exists in Human Resource Management System version 1.0, which is caused by incorrect manipulation of the parameters city/state/country/position...