152 matches found
PT-2023-5088 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to errors in access control. It allows a remote attacker to execute arbitrary code in the context of the server account by making a network call. This...
CVE-2023-35667
In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-35667
In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
The rUSDY.transferFrom function can cause reentrancy if is a contract been approved
Lines of code Vulnerability details Impact The rUSDY.transferFrom function can cause reentrancy if is a contract been approved, the function looks like: function transferFrom address sender, address recipient, uint256 amount public returns bool uint256 currentAllowance = allowancessendermsg.sende...
Doorkeeper Improper Authentication vulnerability
OAuth RFC 8252 says https://www.rfc-editor.org/rfc/rfc8252section-8.6 the authorization server SHOULD NOT process authorization requests automatically without user consent or interaction, except when the identity of the client can be assured. This includes the case where the user has previously...
CVE-2022-4815
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods...
User can fuse an NFT with minimal cost
Lines of code Vulnerability details Impact User can fuse an NFT with minimal cost Proof of Concept The fuse is used to fuse a new Namespace NFT with the referenced tiles,if it is called, the protocol will transfer fusing costs from msg.sender to revenue address. The fusing costs is calculated...
An approved operator of a CID NFT owner can steall any subprotocol NFTs from the CID NFT Owner and his other approved operators.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. An approved operator of a CID NFT owner, if becomes malicious or compromised, can steal any subprotocol NFTs from the CID NFT Owner and his other approved operators. This is possible because: after...
Rapid7 Added to Carahsoft GSA Schedule Contract
We are happy to announce that Rapid7 has been added to Carahsoft’s GSA Schedule contract, making our suite of comprehensive security solutions widely available to Federal, State, and Local agencies through Carahsoft and its reseller partners. “With the ever-evolving threat landscape, it is...
Liquidity cannot be removed by an approved address via Router
Lines of code Vulnerability details Impact Using the Router, liquidity can only be removed by the owner of an NFT, which significantly limits liquidity management. The Pool contract, however, does allow approved addresses to remove liquidity. Proof of Concept The Router contract is a higher level...
A mistake made by the Minters can result in minting tokens to a wrong address or a zero address.
Lines of code Vulnerability details Impact Tokens can be minted to a wrong address. Proof of Concept The function mintermint is used by the Minters, to mint tokens to the users that successfully used the functions submitAndDeposit, submit and submitAndGive. However there is no check in mintermint...
Improper access control in withdraw at Vault.sol
Lines of code Vulnerability details Impact Anyone can withdraw on behalf of approved user Proof of Concept Function withdraw at Vault.sol has incorrect access control. As the owner is passed as a parameter anyone can call withdraw to a approved receiver. This is the same logic used in...
Swap at the lower cushion is impossible due to non approved withdrawal. Wrong implementation can cause free swaps.
Lines of code Vulnerability details Impact Currently it is not clear how the swap user is approved for withdrawing from treasury. Depending on implementation, user could swap without spending any tokens, due to approval mechanism in the TRSRY module. Description In the swap function it should be...
CVE-2021-27778
HCL Traveler is vulnerable to a cross-site scripting XSS caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or oth...
CVE-2021-27778
HCL Traveler is vulnerable to a cross-site scripting XSS caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or oth...
Approved spender can not withdraw or merge
Lines of code Vulnerability details In the current implementation, withdraw and merge veNFT can be called by approved spender or token owner. function withdrawuint tokenId external nonreentrant assertisApprovedOrOwnermsg.sender, tokenId; function mergeuint from, uint to external...
withdraw() and merge() functions of VotingEscrow won't work when an approved user(not owner) calls because _burn() function fails.
Lines of code Vulnerability details Impact withdraw and merge functions of VotingEscrow won't work when an approved usernot owner calls. Proof of Concept withdraw and merge functions call burn function inside and burn function calls removeTokenFrom using msg.sender. But removeTokenFrom requires...
VotingEscrow's merge and withdraw aren't available for approved users
Lines of code Vulnerability details Users who are approved, but do not own a particular NFT, are supposed to be eligible to call merge and withdraw from the NFT. Currently burn, used by merge and withdraw to remove the NFT from the system, will revert unless the sender is the owner of NFT as the...
Uber: Uber Test Report 20220301
Test summary from Team Uber. This is the summary from secret John. This is the edit from hacker John after disclosure was approved. Second test after disclosure...
Malicious Market Creators Can Steal Tokens From Unsuspecting Approved Reference Accounts
Handle leastwood Vulnerability details Impact The current method of market creation involves calling Factory.createMarket with a list of approved conditions and references accounts. If a registered template address has templatesaddresstemplate.isOpen == true, then any user is able to call...