Lucene search
K

404 matches found

OSV
OSV
added 2024/07/11 1:56 a.m.5 views

MAL-2024-7545 Malicious code in sap-amount (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8956ea6aded6c1b89426a6ac908c07ef50a95ae0dd32d0a8c4d5be953fe93583 The OpenSSF Package Analysis project identified 'sap-amount' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

7.3AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/07/11 1:56 a.m.2 views

Malicious code in sap-amount (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8956ea6aded6c1b89426a6ac908c07ef50a95ae0dd32d0a8c4d5be953fe93583 The OpenSSF Package Analysis project identified 'sap-amount' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 12:48 p.m.2 views

Malicious code in libx-amount (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/06/25 12:48 p.m.6 views

MAL-2024-2609 Malicious code in libx-amount (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
GithubExploit
GithubExploit
added 2024/05/09 6:21 p.m.74 views

Exploit for SQL Injection in Vanquish Woocommerce_Customers_Manager

CVE-2024-0399 - WooCommerce Customers Manager 29.4 - Post-Auth...

8.1CVSS8.4AI score0.02877EPSS
Exploits5
CVE
CVE
added 2024/04/17 10:27 a.m.79 views

CVE-2024-26905

CVE-2024-26905 is rejected by the CNA and not a valid vulnerability entry.

6.4AI score
Exploits0
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.4 views

Church Management System SQL注入漏洞

Church Management System is a church management system. A SQL injection vulnerability exists in version 1.0 of the Church Management System, which originates from an SQL injection vulnerability in the amount parameter of the /admin/addgiving.php file...

8.8CVSS7AI score0.00882EPSS
Exploits1References5
OSV
OSV
added 2024/02/28 10:15 p.m.5 views

CVE-2024-25867

A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the addtype.php component...

9.1CVSS6.1AI score0.00674EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.4 views

PT-2024-21173 · Unknown · Codeastro Membership Management System

Name of the Vulnerable Software and Affected Versions: CodeAstro Membership Management System version 1.0 Description: A SQL Injection issue allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the "add type.php" component. This...

9.1CVSS9.2AI score0.00674EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/02/28 12:0 a.m.4 views

CodeAstro Membership Management System SQL Injection Vulnerability

CodeAstro Membership Management System is a membership management system from CodeAstro. A SQL injection vulnerability exists in CodeAstro Membership Management System v.1.0 that could allow a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters...

9.1CVSS8.5AI score0.00674EPSS
Exploits1References2
OSV
OSV
added 2024/02/27 5:15 p.m.3 views

CVE-2024-1924

A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /getmembershipamount.php. The manipulation of the argument membershipTypeId leads to sql injection. It is possible to initiate the attack remotely...

5.3CVSS5.7AI score0.00475EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/02/27 12:0 a.m.7 views

PT-2024-18426 · Unknown · Codeastro Membership Management System

Name of the Vulnerable Software and Affected Versions: CodeAstro Membership Management System version 1.0 Description: A critical issue has been found in the CodeAstro Membership Management System. The problem affects the /get membership amount.php file, where the manipulation of the...

6.5CVSS8AI score0.00475EPSS
Exploits1References6
Code423n4
Code423n4
added 2024/01/08 12:0 a.m.15 views

Miscalculation of OLAS Amount Due to Inaccurate LP Token Price in Specific Bonding Mechanism Scenarios

Lines of code Vulnerability details Impact Incorrect valuation of the LP Token price can result in either an excess issuance of OLAS Tokens, causing a loss to the protocol, or a lower issuance of OLAS Tokens, leading to losses for the user. Proof of Concept The prototype of the create function in...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/03 12:0 a.m.303 views

minaliC 2.0.0 Denial Of Service

!/usr/bin/perl use Socket; Exploit Title: minaliC 2.0.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 03 january 2024 Vendor Homepage: http://minalic.sourceforge.net/ Download to demo: https://drive.google.com/file/d/1WoDbps6up2s5Xa40YXDSABRU9J17yRQd/view?usp=sharing...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.14 views

Liquidator has no incentives to execute a favorable trade to the borrower

Lines of code Vulnerability details Summary Swaps involved in liquidations may negatively impact the owner of the lien, since there is no incentive to execute a favorable trade as long as the received amount is enough to recover the liquidity. Impact When an existing position is closed, the...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/12/12 12:0 a.m.25 views

Excess funds sent via msg.value not refunded

Lines of code 201 Vulnerability details The code below allows the caller to provide Ether, but does not refund the amount in excess of what's required, leaving funds stranded in the contract. The condition should be changed to check for equality, or the code should refund the excess. File:...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.9 views

_determineTransferAmount does't support low decimal tokens.

Lines of code Vulnerability details Impact determineTransferAmount does't support low decimal tokens. Transfer amount will be force set to incorrect amount. Proof of Concept In process of erc20Wrap,in order to support different decimal tokens, the contract use determineTransferAmount to get...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.14 views

Incorrect Decimals Conversion in Curve2PoolAdapter::primitiveOutputAmount Function

Lines of code Vulnerability details Impact The bug in the primitiveOutputAmount function can lead to incorrect decimal conversions when calculating the rawInputAmount. The rawInputAmount is calculated using the convertDecimals function, but the decimals parameter passed to convertDecimals is...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/12/05 12:0 a.m.9 views

An attacker can manipulate the preDepositvePrice to steal from other users.

Lines of code Vulnerability details Impact The first user that stakes can manipulate the total supply of sfTokens and by doing so create a rounding error for each subsequent user. In the worst case, an attacker can steal all the funds of the next user. Proof of Concept When the first user enters...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/12/01 12:0 a.m.11 views

Upgraded Q -> 2 from #776 [1701456793936]

Judge has assessed an item in Issue 776 as 2 risk. The relevant finding follows: Low-01 No minimum AmountrsETH receive parameter absent in depositAsset Here we can see that User deposit asset via depositAsset which take asset address and asset depositAmount as parameter Then rsethAmountMinted...

7AI score
Exploits0
Rows per page
Query Builder