156 matches found
CVE-2023-5054 Super Store Finder <= 6.9.3 - Unauthenticated Email Creation/Sending
The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attacker...
Missing validation checks on sending non blocking LZ payload
Lines of code Vulnerability details Impact In OFTCoreV2 provided as example by LayerZero function sendaddress from, uint16 dstChainId, bytes32 toAddress, uint amount, address payable refundAddress, address zroPaymentAddress, bytes memory adapterParams internal virtual returns uint amount...
SoftEtherVPN -- multiple vulnerabilities
Daiyuu Nobori reports: The SoftEther VPN project received a high level code review and technical assistance from Cisco Systems, Inc. of the United States from April to June 2023 to fix several vulnerabilities in the SoftEther VPN code. The risk of exploitation of any of the fixed vulnerabilities ...
Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers
Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT LAN...
CVE-2023-23397: The Notification Sound You Don’t Want to Hear
By Mark Bereza · March 17, 2023. This story was also written by John Dunlap. Overview: During the March "Patch Tuesday" security update, a new Outlook security vulnerability was revealed as being exploited in the wild. This is a serious...
The March 2023 Patch Tuesday Security Update Review
Microsoft has released its monthly security update for March 2023. This month's updates addressed various vulnerabilities in different products. Let's go through this month's Patch Tuesday details and discuss the security updates. Microsoft Patches for March 2023: Microsoft has addressed 101...
CVE-2023-0035
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege...
CVE-2023-0036
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege...
Authentication flaw
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege...
Authentication flaw
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege...
CVE-2023-0036
CVE-2023-0036 affects OpenHarmony v3.0.5 and earlier. The vulnerability is in the platform_callback_stub of the misc subsystem, causing an authentication bypass that enables a local attacker to bypass authentication and target other SAs with high privileges. No exploitation details are provided i...
CVE-2023-0036 platform_callback_stub in misc subsystem has an authentication bypass vulnerability which allows an "SA relay attack".
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege...
CVE-2023-0035 softbus_client_stub in communication subsystem has an authentication bypass vulnerability which allows an "SA relay attack".
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege...
CVE-2023-0035
Affected product: OpenHarmony v3.0.5 and earlier, with the issue in the softbus_client_stub of the communication subsystem. The root cause is an authentication bypass that enables an "SA relay attack," allowing a local attacker to bypass authentication and target oth...
PT-2023-15962 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.0.5 Description: The issue allows local attackers to bypass authentication and attack other SAs with high privilege through an "SA relay attack". This is due to an authentication bypass vulnerability in the...
Theft of funds under relaying the transaction
Lines of code Vulnerability details Description The execTransaction function is designed to accept a relayed transaction with a transaction cost refund. At the beginning of the function, the startGas value is calculated as the amount of gas that the relayer will approximately spend on the...
PT-2023-15961 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.0.5 Description: The issue allows local attackers to bypass authentication and attack other SAs with high privilege through an "SA relay attack". This is due to an authentication bypass vulnerability in the...
CrossChainExecutor contracts do not update the necessary states for failing transactions.
Lines of code Vulnerability details Impact The CrossChainExecutorArbitrum and CrossChainExecutorOptimism contracts both use CallLib library to invoke Calls on external contract. As per the CallLib library implementation, any failing Call results in the entire transaction getting reverted. The...