Lucene search
K

116 matches found

ATTACKERKB
ATTACKERKB
added 2025/02/03 12:0 a.m.68 views

CVE-2024-57968

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders e.g., ones that are accessible during web browsing by other users. upload.aspx can be used for this. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

9.9CVSS6.8AI score0.30477EPSS
In wildExploits1References4
Code423n4
Code423n4
added 2024/01/23 12:0 a.m.13 views

Upgraded Q -> 3 from #146 [1706014097180]

Judge has assessed an item in Issue 146 as 3 risk. The relevant finding follows: L-6: OLAS minting via treasury is not guaranteed The OLAS.mint… method does not revert if the requested amount cannot be limited due to the inflation limit: function mintaddress account, uint256 amount external //...

7.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2024/01/09 12:0 a.m.128 views

CVE-2024-20666

BitLocker Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

6.6CVSS7.2AI score0.03078EPSS
In wildExploits0References2
Code423n4
Code423n4
added 2023/12/10 12:0 a.m.7 views

plsss

Lines of code L12 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/12/10 12:0 a.m.4 views

test

Lines of code L14 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps lemme...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/11/29 12:0 a.m.13 views

Title of issue/finding

Lines of code , Vulnerability details Impact description for the issue found Content includes @Audit stack and code example of the issue Content includes @Audit stack and code example of the issue Assessed type other --- The text was updated successfully, but these errors were encountered: All...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2023/11/26 12:0 a.m.9 views

Upgraded Q -> 2 from #304 [1701018148851]

Judge has assessed an item in Issue 304 as 2 risk. The relevant finding follows: Incorrect minTotalContribution and minContribution Interaction --- The text was updated successfully, but these errors were encountered: All reactions...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.11 views

Holder cannot claim fee

Lines of code Vulnerability details Impact Assume a user buys some shares and mints it to an NFT and sends the shares to a cold wallet for safety. The following happens: A user buys 10 shares using buy is called, the rewardsLastClaimedValue is updated to the latest holder rewards, the...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.11 views

Improper validation can cause fee error and loss of funds.

Lines of code Vulnerability details Impact If the amount is equal to zero the fee will be equal to zero, there is no check for amount should not be equal to zero the condition passes, it will fetch bondingCurve address then calcutes the price from LinearBondindCurve.sol,fee = priceForOne amount...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.14 views

Too small deposits will result in no rsEth mint for the

Lines of code Vulnerability details Impact User will get nothing if the deposit amount is too small . Proof of Concept The getRsETHAmountToMint is for getting the conversion rate of asset to rsEth . /// @return rsethAmountToMint Amount of rseth to mint function getRsETHAmountToMint address asset,...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/03 12:0 a.m.8 views

Upgraded Q -> 2 from #246 [1699029716295]

Judge has assessed an item in Issue 246 as 2 risk. The relevant finding follows: L-01 Use the factory constant address of the testnet Description import UNISWAPV3FACTORY, GOERLIUNISWAPV3FACTORY from '@script/Registry.s.sol'; contract UniV3Relayer is IBaseOracle, IUniV3Relayer // --- Registry ---...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/11/02 12:0 a.m.9 views

testing submission form - IGNORE

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/11/01 12:0 a.m.8 views

Testing form

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/10/30 12:0 a.m.11 views

Temporary DOS attack on users minting and redeeming big amount using EthenaMinting.sol

Lines of code Vulnerability details Impact The users redeeming and minting using EthenaMinting.sol with a large amount can be vulnerable to DOS attack. Proof of Concept There is a limit on the max amount to redeem and mint in a block. This can be crucial to the users that are minting or redeeming...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/26 12:0 a.m.7 views

Underflow can be occurred in codebase

Lines of code Vulnerability details Impact Because of the lack of the input validation, underflow can be occurred in the code. Proof of Concept function getRegisteredBorrowers uint256 start, uint256 end external view returns address memory arr uint256 len = borrowers.length; end = MathUtils.minen...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/10/25 12:0 a.m.5 views

at _modifyCollateralBalance when locking and generating debt your wad is going to be negative number but at the token Collateral mapping should not have any negative numbers

Lines of code Vulnerability details Impact the protocol will not work, all functions will not work Proof of Concept you cannot set negative number to uint256 Tools Used manual Recommended Mitigation Steps change the mapping to : mappingbytes32 cType = mappingaddress safe = int256 wad public...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/21 12:0 a.m.5 views

Upgraded Q -> 3 from #102 [1697893134448]

Judge has assessed an item in Issue 102 as 3 risk. The relevant finding follows: QA-02 Missing requiresApprovedCaller modifier --- The text was updated successfully, but these errors were encountered: All reactions...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.6 views

This code is not wroking amounts[:sourcesLength]

Lines of code Vulnerability details Impact it is not going to work the whole protocol Proof of Concept I tried that in Remix and it isn't compiling Tools Used manual Recommended Mitigation Steps remove the code and write to manual slice the amounts array Assessed type Other --- The text was updat...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.9 views

add sendBack function to origin when lzReceiveNonBlocking is not executed

Lines of code Vulnerability details Impact lzReceiveNonBlocking won't revert to the ILayerZeroEndpoint.send could lead to that execution on side of send is exectued and execution on side of receieve is not executed. Proof of Concept Tools Used manual view Recommended Mitigation Steps if calls are...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.12 views

if lzReceiveNonBlocking failed to execute , they don't send back ,accumulated msg.value . malicious user drain that

Lines of code Vulnerability details Impact PerformFallBack is gonna fail and msg.value will be accumulated in that BranchBridgeAgent and malicious user can take over them Proof of Concept User deposited and When it's not executed ,user want to retrieve and callRetrieveSettlement ,send message to...

7.4AI score
Exploits0
Rows per page
Query Builder