404 matches found
MAL-2024-7545 Malicious code in sap-amount (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8956ea6aded6c1b89426a6ac908c07ef50a95ae0dd32d0a8c4d5be953fe93583 The OpenSSF Package Analysis project identified 'sap-amount' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in sap-amount (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8956ea6aded6c1b89426a6ac908c07ef50a95ae0dd32d0a8c4d5be953fe93583 The OpenSSF Package Analysis project identified 'sap-amount' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in libx-amount (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-2609 Malicious code in libx-amount (npm)
--- -= Per source details. Do not edit below this line.=-...
Exploit for SQL Injection in Vanquish Woocommerce_Customers_Manager
CVE-2024-0399 - WooCommerce Customers Manager 29.4 - Post-Auth...
CVE-2024-26905
CVE-2024-26905 is rejected by the CNA and not a valid vulnerability entry.
Church Management System SQL注入漏洞
Church Management System is a church management system. A SQL injection vulnerability exists in version 1.0 of the Church Management System, which originates from an SQL injection vulnerability in the amount parameter of the /admin/addgiving.php file...
CVE-2024-25867
A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the addtype.php component...
PT-2024-21173 · Unknown · Codeastro Membership Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro Membership Management System version 1.0 Description: A SQL Injection issue allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the "add type.php" component. This...
CodeAstro Membership Management System SQL Injection Vulnerability
CodeAstro Membership Management System is a membership management system from CodeAstro. A SQL injection vulnerability exists in CodeAstro Membership Management System v.1.0 that could allow a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters...
CVE-2024-1924
A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /getmembershipamount.php. The manipulation of the argument membershipTypeId leads to sql injection. It is possible to initiate the attack remotely...
PT-2024-18426 · Unknown · Codeastro Membership Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro Membership Management System version 1.0 Description: A critical issue has been found in the CodeAstro Membership Management System. The problem affects the /get membership amount.php file, where the manipulation of the...
Miscalculation of OLAS Amount Due to Inaccurate LP Token Price in Specific Bonding Mechanism Scenarios
Lines of code Vulnerability details Impact Incorrect valuation of the LP Token price can result in either an excess issuance of OLAS Tokens, causing a loss to the protocol, or a lower issuance of OLAS Tokens, leading to losses for the user. Proof of Concept The prototype of the create function in...
minaliC 2.0.0 Denial Of Service
!/usr/bin/perl use Socket; Exploit Title: minaliC 2.0.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 03 january 2024 Vendor Homepage: http://minalic.sourceforge.net/ Download to demo: https://drive.google.com/file/d/1WoDbps6up2s5Xa40YXDSABRU9J17yRQd/view?usp=sharing...
Liquidator has no incentives to execute a favorable trade to the borrower
Lines of code Vulnerability details Summary Swaps involved in liquidations may negatively impact the owner of the lien, since there is no incentive to execute a favorable trade as long as the received amount is enough to recover the liquidity. Impact When an existing position is closed, the...
Excess funds sent via msg.value not refunded
Lines of code 201 Vulnerability details The code below allows the caller to provide Ether, but does not refund the amount in excess of what's required, leaving funds stranded in the contract. The condition should be changed to check for equality, or the code should refund the excess. File:...
_determineTransferAmount does't support low decimal tokens.
Lines of code Vulnerability details Impact determineTransferAmount does't support low decimal tokens. Transfer amount will be force set to incorrect amount. Proof of Concept In process of erc20Wrap,in order to support different decimal tokens, the contract use determineTransferAmount to get...
Incorrect Decimals Conversion in Curve2PoolAdapter::primitiveOutputAmount Function
Lines of code Vulnerability details Impact The bug in the primitiveOutputAmount function can lead to incorrect decimal conversions when calculating the rawInputAmount. The rawInputAmount is calculated using the convertDecimals function, but the decimals parameter passed to convertDecimals is...
An attacker can manipulate the preDepositvePrice to steal from other users.
Lines of code Vulnerability details Impact The first user that stakes can manipulate the total supply of sfTokens and by doing so create a rounding error for each subsequent user. In the worst case, an attacker can steal all the funds of the next user. Proof of Concept When the first user enters...
Upgraded Q -> 2 from #776 [1701456793936]
Judge has assessed an item in Issue 776 as 2 risk. The relevant finding follows: Low-01 No minimum AmountrsETH receive parameter absent in depositAsset Here we can see that User deposit asset via depositAsset which take asset address and asset depositAmount as parameter Then rsethAmountMinted...