42 matches found
Unbounded loop on array that can only grow can lead to DoS
Handle: robee. Vulnerability details: A malicious attacker who is also a protocol owner can push to an array without limit, and some functions loop over this array. If the array size is increased enough, calling a function that loops over the array will always revert, since there is a gas limit...
Buffer overflow
DISPUTED: Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy 1.19, which allows attackers to conduct Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can onl...
CVE-2020-20120
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods...
Anyone can call onERC721Received() function and spam the array "nfts"
Handle: Sherlock. Vulnerability details. Impact: An attacker can deal direct economic damage to the owner/delegate by spending some gas to spam the array of "nfts" with different values. It will be more costly to remove these nfts one-by-one, transaction-by-transaction. Also, it makes other functions...
CVE-2021-23328
This affects all versions of package iniparserjs. This vulnerability arises when iniparser.js is concatenating arrays. Depending on whether user input is provided, an attacker can overwrite and pollute the object prototype of a program...
Microsoft VBScript rtFilter Out-Of-Bounds Read Exploit
There is an out-of-bounds vulnerability in Microsoft VBScript in rtFilter. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied. vbscript: out-of-bounds read in rtFilter (CVE-2018-8552). There is an out-of-bounds vulnerability in Microsoft VBScript...
OMRON CX-Supervisor SCS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling...
CVE-2017-7818
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...
Chrome V8 JIT LoadElimination::ReduceTransitionElementsKind Bug
Chrome: V8: JIT: A bug in LoadElimination::ReduceTransitionElementsKind. I think this commit has introduced the bug: https://chromium.googlesource.com/v8/v8.git/+/9884bc5dee488bf206655f07b8a487afef4ded9b Reduction LoadElimination::ReduceTransitionElementsKind(Node* node) { ... if...
Microsoft Edge Select Element Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Apple Safari - Array concat Memory Corruption
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1095 There is an out-of-bounds memcpy in Array.concat that can lead to memory corruption. In builtins/ArrayPrototype.js, the function concatSlowPath calls a native method...
shopify-scripts: Clearing, Shifting and Pop Value from Frozen Array
Hey again! Found another missing best practice in mruby that allows an attacker to delete, pop or clear a frozen array. This report is similar to 194866. POC: $a = [1,2,3,4,5].freeze; $a.pop "=> This will give 5 and $a will become [1,2,3,4]"; $a.shift "=> This will give 1 and $a will become [2,3,4,5]"...
Denial Of Service (DoS)
ejs is vulnerable to denial of service (DoS) attacks. A malicious user can cause the system to crash by controlling and modifying values in the OPTS array...
CVE-2016-4333
When the HDF5 1.8.16 library allocates space for an array using a value from the file, a value within the file can also modify the terminator of the loop that initializes the array. Due to this, an aggressor can cause the loop's index to point outside the bounds of the...
CVE-2016-4330
Because the HDF5 1.8.16 library fails to check whether the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution...
Microsoft Internet Explorer CTableLayout AddRow Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Microsoft Edge CAttrArray Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Microsoft Edge...
Destoon 20140530 (latest version): super-global variable overwrite leads to security issues
Code fragment 0x1: /common.inc.php, line 17: foreach(array('_POST', '_GET', '_COOKIE') as $R) { if($$R) { foreach($$R as $k => $v) { if(isset($$k) && $$k == $v) unset($$k); } } } The logic here is that if a key and value submitted via POST, GET or COOKIE equal an existing variable's name and value, that variable is unset. If we are to ...
Easytalk: a SQL injection
Brief description: Insufficient filtering. Details: In voteaction.class.php: public function sendvote() { $vid=intval($_POST['vid']); $votedata=$_POST['votedata']; $isret=intval($_POST['isret']); $isnone=intval($_POST['isnone']); if ($vid) { if (is_array($votedata)) { $vmodel=D('Votes'); $vopt=D('Voteoptions'); $vuser=D('Voteusers'); $myvote=$vuser->where("voteid='$vid' A...
ewebeditor for PHP arbitrary file upload vulnerability
This vulnerability was only tested on the latest version, v3.8; it is not known whether lower versions are affected. The PHP version of ewebeditor does not use a database to save configuration information; all of it is located in php/config.php. The code is as follows: <?php...