9582 matches found

Code423n4
added 2023/01/30 12:0 a.m. · 12 views

Wrongly implemented modifier allow everybody to mint Rabbit Hole tickets.

Lines of code Vulnerability details Impact As specified on RabbitHole C4 contest page, RabbitHoleTickets smart contract 'is an 1155 reward contract used by the RabbitHole team.' Meaning that the assets managed by this smart contract have value. Moreover this contract implements ERC-2981: NFT...

6.9 AI score
Exploits: 0
Packet Storm
added 2023/01/25 12:0 a.m. · 268 views

Inout Jobs Portal 2.2.2 SQL Injection

7.4 AI score
Exploits: 0
Packet Storm
added 2023/01/23 12:0 a.m. · 308 views

Inout RealEstate 2.1.3 SQL Injection

0.2 AI score
Exploits: 0
ATTACKERKB
added 2023/01/20 7:15 a.m. · 1 views

CVE-2023-20057

A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could...

5.3 CVSS · 6.2 AI score · 0.00678 EPSS
Exploits: 0 · References: 2
NVD
added 2023/01/20 7:15 a.m. · 11 views

CVE-2023-20057

A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could...

5.3 CVSS · 4.2 AI score · 0.00678 EPSS
Exploits: 0 · References: 1
CNNVD
added 2023/01/20 12:0 a.m. · 1 views

Cisco Email Security Appliance Injection Vulnerability

Cisco Email Security Appliance ESA is an email security appliance from Cisco USA. A security vulnerability exists in the Cisco Email Security Appliance ESA that stems from mishandling of URLs. An attacker exploits the vulnerability to bypass URL reputation filters via specially crafted URLs...

5.3 CVSS · 5.8 AI score · 0.00678 EPSS
Exploits: 0 · References: 2
Cvelist
added 2023/01/19 1:32 a.m. · 14 views

CVE-2023-20057

A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could...

5.6 AI score · 0.00678 EPSS
Exploits: 0 · References: 1
Cisco
added 2023/01/18 4:0 p.m. · 58 views

Cisco Email Security Appliance URL Filtering Bypass Vulnerability

On January 18, 2023, Cisco disclosed the following: A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due...

5.6 AI score
Exploits: 0 · References: 1
Packet Storm
added 2023/01/17 12:0 a.m. · 239 views

BootCommerce 3.2.1 SQL Injection

7.4 AI score
Exploits: 0
Hacker One
added 2022/12/24 12:12 a.m. · 25 views

Reddit: Reflected XSS via File Upload

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Code423n4
added 2022/12/16 12:0 a.m. · 7 views

reentrancy

Lines of code Vulnerability details Impact If an attacker were able to successfully exploit a reentrancy vulnerability in this contract, they could potentially cause the contract to enter an infinite loop, consuming all available gas and rendering it unusable. This could result in financial losse...

6.7 AI score
Exploits: 0
Huntr
added 2022/11/23 10:3 p.m. · 11 views

Unrestricted Upload of file with dangerous type lead to destroying the company's reputation.

Description: In the upload function I found the function accepts a lot of file types, and this is very dangerous because a malicious user may upload an HTML file containing any information, like go to another site or write a message destroying the company's reputation like this site has been hacked by hacker Pro...

6.8 AI score
Exploits: 0
Hacker One
added 2022/11/23 4:1 p.m. · 15 views

inDrive: Disclosure of users' IP address whenever they view my freight offer on image preview (Without interaction)

A vulnerability was disclosed where users' IP addresses were leaked when they viewed freight offers, without any interaction required. By changing post image URLs to external sites, the external site received the user's IP when they viewed the post. This leaked user IPs and location, enabling...

7.2 AI score
Exploits: 0
Code423n4
added 2022/11/09 12:0 a.m. · 12 views

Governor ownership can be lost because of not sanity check

Lines of code Vulnerability details Governor ownership can be lost because of no checks Impact Sanity checks are important to not affect reputation / flows and users of the protocol when a mistake is done. 0 address should be checked for important address assignments in this case, only done in th...

6.7 AI score
Exploits: 0
The Coalfire Blog
added 2022/11/08 9:45 p.m. · 13 views

Mobile app usage soars but security still falls short

Benchmark analysis of mobile apps shows 99% have security or privacy vulnerabilities. These weaknesses can cause exposure of sensitive information and jeopardize brand reputation, customer trust and company value...

2.7 AI score
Exploits: 0
Microsoft Secure
added 2022/11/03 4:0 p.m. · 17 views

Identifying cyberthreats quickly with proactive security testing

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Matthew Hickey,...

7 AI score
Exploits: 0
Positive Technologies
added 2022/10/27 12:0 a.m. · 2 views

PT-2022-6261 · Cisco · Cisco Asyncos Software For Cisco Email Security Appliance

Name of the Vulnerable Software and Affected Versions: Cisco AsyncOS Software for Cisco Email Security Appliance ESA affected versions not specified Description: A vulnerability in the URL filtering mechanism could allow an unauthenticated, remote attacker to bypass the URL reputation filters on ...

5.3 CVSS · 5.1 AI score · 0.00678 EPSS
Exploits: 0 · References: 7
Huntr
added 2022/09/22 6:50 a.m. · 17 views

Virtual defacement allows attacker to display any message of his choice

Description This attack involves injecting malicious data into a page of a web application to feed misleading information to users of the application. This kind of attack is known as virtual defacement because the actual content hosted on the target's web server is not modified. The defacement is...

2.8 CVSS · 1.2 AI score · 0.00538 EPSS
Exploits: 1 · References: 1
Malwarebytes
added 2022/09/19 10:0 a.m. · 14 views

A week in security (September 12 – 18)

Last week on Malwarebytes Labs: The North Face hit by credential stuffing attack Facebook engineers aren't sure where all user data is kept 6 patch management best practices for businesses The MSP playbook on deciphering tech promises and shaping security culture Apple puts the password on life...

7.1 AI score
Exploits: 0
Malwarebytes
added 2022/09/14 9:0 a.m. · 13 views

How to help your child manage their online reputation

Whether your child has been socially active online for a while now or you just handed your young one their first ever smartphone, now is an excellent time to think about managing their online reputation. The concept may sound overwhelming, but doing it is easy. Since you're no doubt talking to yo...

7.2 AI score
Exploits: 0