EUVD-2002-2142

Malware in sbrugna...

CVE-2024-45987

Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery CSRF via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent ...

CultureIndex.sol#_vote() - Creators of certain piece can vote for their piece

Lines of code Vulnerability details Impact In CultureIndex there is a function vote that allows users to vote for a piece to get sold on the auction house. Each piece has creators that get cut of the sale. The problem is that there is no checks if the user voting for a certain piece is it's own...

WordPress plugin WP-Polls 安全漏洞

WP-Polls is a WordPress polling plugin. A vulnerability exists in WordPress WP-Polls versions prior to 2.76.0 to bypass IP-based restrictions. The vulnerability stems from prioritizing the IP of visitors from certain HTTP headers instead of PHP's REMOTEADDR, which can be exploited by an attacker ...

A week in security (August 26 – September 1)

Last week on Malwarebytes Labs, we analysed the Android xHelper trojan, we wondered why the Nextdoor app would send out letters on behalf of their customers, reported about a study that explores the clickjacking problem across top Alexa-ranked websites, wondered how to get the board to invest in...