12 matches found
EUVD-2018-20458
Malware in sbrugna...
Swap functionality to sell rewards is too permissive and could cause accidental or intentional loss of value
Lines of code. Vulnerability details. Summary: While the intention is to use the 0x protocol to sell rewards, the implementation doesn't provide any basic guarantee this will correctly happen and grants the rewarder arbitrary control over the tokens held by the strategy. Impact: Rewards earned in the...
CVE-2023-26430
Attackers with access to user accounts can inject arbitrary control characters into SIEVE mail-filter rules. This could be abused to access SIEVE extensions that are not allowed by App Suite or to inject rules which would break per-user filter processing, requiring manual cleanup of such rules. We...
CVE-2023-36669
Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit (TPU) within the IDU by sending crafte...
Authentication flaw
Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit (TPU) within the IDU by sending crafte...
Buffer overflow vulnerability in AC9V3.0 upgrade software of Shenzhen Jixiang Tengda Technology Co. (CNVD-2020-29379)
AC9V3.0 upgrade software is a Gigabit Ethernet port wireless router from Shenzhen Jixiang Tengda Technology Co. Ltd. AC9V3.0 upgrade software has a buffer overflow vulnerability, which can be exploited by an attacker to cause a denial of service, overwrite the return value of a function, and the...
QEMU - NBD Server Long Export Name Stack Buffer Overflow
Exploit for linux platform in category dos / poc. Introduced in commit f37708f6b8 (2.10). The NBD spec says a client can request export names up to 4096 bytes in length, even though they should not expect success on names longer than 256. However, qemu hard-codes the limit of 256, and fails to filte...
QEMU - NBD Server Long Export Name Stack Buffer Overflow
Introduced in commit f37708f6b8 (2.10). The NBD spec says a client can request export names up to 4096 bytes in length, even though they should not expect success on names longer than 256. However, qemu hard-codes the limit of 256, and fails to filter out a client that probes for a longer name; the...
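DamiCMS: arbitrary control of vote counts
Brief description: DamiCMS allows arbitrary control of vote counts. Details: The key voting code is as follows. foreach$POST'vote' as $v vardump$v; $v = strreplace"\n","",$v; $s = explode"=",$v; vardump$s; $data'vote' = strreplace$v,$s0."=".intval$s1 + 1,$data'vote'; vardump$data; if$vote-where'id='.intval$POST'id'-save$data The submitted data is split on the equals sign, so something like Option1=3 becomes array Option1,3,...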
MagicISO <= 5.4 (build239) .cue File Local Buffer Overflow Exploit
No description provided by source. / -- poc/demo for magiciso exploit, found by n00b -- by: [email protected] -- original email reply comments: I actually looked into this when you posted this on milw0rm. I was able to get it to run arbitrary code, however it was so unreliable it wasn't worth me...
Talkative IRC 0.4.4.16 Remote Stack Overflow Exploit (SEH)
No description provided by source. #!/usr/bin/perl Title: Talkative IRC 0.4.4.16 Remote Stack Overflow Exploit (SEH) Summary: The easiest and fastest way to meet people online. With Talkative IRC you can chat with thousands of people at the same time. Find people with the same interests as you. Join...