Lucene search: 13470 matches found

Code423n4
added 2023/03/20 12:00 a.m. (6 views)

Potential front-running attacks in buy function

Impact: The buy function generates new trays and stores them in the tiles mapping based on the value of lastHash. Since lastHash is publicly readable on-chain and its next value can be predicted, an attacker could front-run other users' transactions to mint specific trays...

AI score 6.7 | Exploits 0

Prion
added 2023/03/19 8:15 p.m. (17 views)

SQL injection

A vulnerability classified as critical has been found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file messages.php of the component Newsletter Log Handler. The manipulation of the argument title leads to SQL injection. It is possible to launch the attack...

CVSS 6.5 | AI score 9.7 | EPSS 0.00417
Exploits 0 | References 3 | Affected Software 1

Hacker One
added 2023/03/19 6:49 p.m. (86 views)

Fastly VDP: CVE-2018-6389 exploitation - using scripts loader

Vulnerability description not provided...

CVSS 7.5 | AI score 7.3 | EPSS 0.87475
Exploits 11

Prion
added 2023/03/18 9:15 a.m. (10 views)

Design/Logic Flaw

A vulnerability classified as critical has been found in SourceCodester Simple Music Player 1.0. Affected is an unknown function of the file savemusic.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been...

CVSS 6.5 | AI score 9.5 | EPSS 0.00488
Exploits 1 | References 3 | Affected Software 1

HackRead
added 2023/03/17 11:12 p.m. (20 views)

New Vishing Attack Spreading FakeCalls Android Malware

By Habiba Rashid. The malware campaign was noted to target users in South Korea. This is a post from HackRead.com. Read the original post: New Vishing Attack Spreading FakeCalls Android Malware...

AI score 3.5 | Exploits 0

NVD
added 2023/03/17 7:15 a.m. (11 views)

CVE-2023-1447

A vulnerability, which was classified as problematic, has been found in SourceCodester Medicine Tracker System 1.0. Affected by this issue is some unknown functionality of the file app/?page=medicines/managemedicine. The manipulation of the argument name/description with the input alert'2' leads ...

CVSS 6.1 | AI score 4.4 | EPSS 0.00267
Exploits 0 | References 2

CVE
added 2023/03/17 5:07 a.m. (52 views)

CVE-2021-21548

CVE-2021-21548 affects the Dell EMC Unisphere for PowerMax family: PowerMax OS Release 5978, and Unisphere for PowerMax/Virtual Appliance releases prior to 9.1.0.27. The flaw is improper certificate validation in TLS, allowing an unauthenticated remote attacker to mount a man-in-the-middle attack by ...

CVSS 7.4 | AI score 7.3 | EPSS 0.0005
Exploits 0 | References 1 | Affected Software 3

Cvelist
added 2023/03/17 5:07 a.m. (13 views)

CVE-2021-21548

Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerabilit...

CVSS 7.4 | AI score 7.5 | EPSS 0.0005
Exploits 0 | References 1

Veracode
added 2023/03/17 2:16 a.m. (19 views)

Regular Expression Denial of Service (ReDoS)

Rack is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists because the parse_http_accept_header function in request.rb parses the Accept header with a regex pattern that backtracks excessively on crafted input, which may allow an attacker to exhaust the server's CPU (an application-level denial of service) by having it parse a...

CVSS 5.3 | AI score 4.3 | EPSS 0.00364
Exploits 0

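As an added illustration of the ReDoS class named in this entry (example code written here, not rack's source): a Ruby Accept-header parser whose separator regexes are assumed to have the `\s*,\s*` shape, beside a hardened parser that splits on the literal separators and strips afterwards. Both parsers, the `quality_of` helper, the `hostile_accept` input generator and the `seconds_to_parse` timer are this example's own names. On a backtracking engine the weak parser's time on the constructed hostile header should grow roughly fourfold each time n doubles, while the linear parser stays flat.

```ruby
require 'benchmark'

# Shared helper: read the q= parameter from a media type's parameter list,
# defaulting to 1.0. Splitting on literal ';' and '=' never backtracks.
def quality_of(params)
  return 1.0 if params.nil? || params.empty?
  params.split(';').each do |param|
    key, value = param.strip.split('=', 2)
    return value.to_f if key == 'q' && value
  end
  1.0
end

# Weak parser (assumed shape, not rack's code): the separator regexes let
# the engine expand \s* across a long whitespace run and then retry the
# comma at every shorter length, once per candidate start position, so a
# header like "<n spaces>a," costs on the order of n^2 regex steps.
def parse_accept_backtracking(header)
  header.to_s.split(/\s*,\s*/).map do |part|
    media, params = part.split(/\s*;\s*/, 2)
    [media, quality_of(params)]
  end
end

# Hardened parser: split on the literal separators and strip afterwards.
# String#strip is a single linear pass, so cost stays proportional to n.
def parse_accept_linear(header)
  header.to_s.split(',').map do |part|
    media, params = part.split(';', 2).map(&:strip)
    [media, quality_of(params)]
  end
end

# Constructed hostile header: a long whitespace run, one non-space byte so
# the whitespace can never reach the comma, then the comma that keeps the
# regex search going. No real client sends this; an attacker would.
def hostile_accept(n)
  (' ' * n) + 'a,'
end

# Wall-clock seconds for one parser on a hostile header of size n.
def seconds_to_parse(parser, n)
  header = hostile_accept(n)
  Benchmark.realtime { send(parser, header) }
end

if __FILE__ == $PROGRAM_NAME
  [1_000, 2_000, 4_000].each do |n|
    slow = seconds_to_parse(:parse_accept_backtracking, n)
    fast = seconds_to_parse(:parse_accept_linear, n)
    printf("n=%-6d backtracking %.4fs   linear %.4fs\n", n, slow, fast)
  end
end
```

The two parsers agree on well-formed headers; the hardened one also tolerates leading whitespace in each part because it strips after splitting, which the regex version only did implicitly. When auditing a header parser for this class of bug, look for an unbounded quantifier (`\s*`, `.*`, `[^,]*`) sitting immediately before a literal that the attacker can withhold.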
WPVulnDB
added 2023/03/17 12:00 a.m. (14 views)

WooCommerce Weight Based Shipping < 5.5.0 - Settings Update via CSRF

The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

CVSS 8.8 | AI score 8.2 | EPSS 0.00091
Exploits 0 | Affected Software 1

WPVulnDB
added 2023/03/17 12:00 a.m. (25 views)

WP-Advanced-Search <= 3.3.8 - Settings Update via CSRF

The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

CVSS 8.8 | AI score 6.7 | EPSS 0.00106
Exploits 1 | Affected Software 1

Code423n4
added 2023/03/17 12:00 a.m. (6 views)

Reentrancy in validateTransaction function

Impact: The contract can be re-entered by an attacker several times until its funds are depleted. The contract owner may suffer financial damage as a result of this vulnerability. Description: The validateTransaction function (lines 66-71) accepts external calls and...

AI score 7.3 | Exploits 0

CNVD
added 2023/03/17 12:00 a.m. (14 views)

Adobe Experience Manager URL Redirection Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The product supports mobile content management, marketing and sales campaign management and multi-site management. A URL...

CVSS 5.4 | AI score 5.6 | EPSS 0.00266
Exploits 0 | References 1

CNVD
added 2023/03/17 12:00 a.m. (17 views)

Adobe Experience Manager URL Redirection Vulnerability (CNVD-2023-45904)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The product supports mobile content management, marketing and sales campaign management and multi-site management. A URL...

CVSS 5.4 | AI score 5.6 | EPSS 0.00266
Exploits 0 | References 1

CNVD
added 2023/03/17 12:00 a.m. (19 views)

Adobe Substance 3D Stager Out-of-Bounds Read Vulnerability (CNVD-2023-41873)

Adobe Substance 3D Stager is a virtual 3D studio from the American company Adobe. Adobe Substance 3D Stager suffers from an out-of-bounds read vulnerability that an attacker can exploit to disclose memory contents...

CVSS 5.5 | AI score 6.6 | EPSS 0.0022
Exploits 0 | References 1

Prion
added 2023/03/16 9:15 p.m. (16 views)

Remote code execution

A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted JavaScript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability...

CVSS 7.5 | AI score 9.6 | EPSS 0.06854
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2023/03/16 8:29 p.m. (13 views)

CVE-2023-27494 Streamlit Cross-site Scripting vulnerability

Streamlit, software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were exposed to a reflected XSS vulnerability. An attacker could craft a malicious URL with JavaScript payloads to ...

CVSS 5.9 | AI score 6 | EPSS 0.00702
Exploits 0 | References 2

Vulnrichment
added 2023/03/16 8:02 p.m. (9 views)

CVE-2022-43606

A use-of-uninitialized-pointer vulnerability exists in the Forward Open connection_management_entry functionality of EIP Stack Group OpENer development commit 58ee13c. A specially-crafted EtherNet/IP request can lead to use of a null pointer, causing the server to crash. An attacker can send a seri...

CVSS 7.5 | AI score 6.7 | EPSS 0.00662
Exploits 1 | References 1

Veracode
added 2023/03/16 2:30 p.m. (26 views)

Denial of Service (DoS)

IBM MQ is vulnerable to Denial of Service (DoS). The vulnerability allows an attacker to send specially crafted PCF or MQSC messages which cause an application crash...

CVSS 7.5 | AI score 7.1 | EPSS 0.00397
Exploits 0 | References 2 | Affected Software 2

Zero Day Initiative
added 2023/03/16 12:00 a.m. (21 views)

Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 7.6 | EPSS 0.00097
Exploits 0 | References 1