14 matches found
Bastet: A Fine-Grained Expert-Labeled Dataset for DeFi Smart Contract Vulnerability Detection
Smart contract vulnerabilities in Decentralized Finance (DeFi) protocols resulted in over 1.49 billion USD in confirmed losses in 2024 alone, across 192 incidents [1]. As LLM-based vulnerability detection emerges as a promising approach to address these threats, the quality of evaluation datasets has...
secureflow
AI-Powered Smart Contract Security Scanner An automated block...
SmartPoC: Generating Executable and Validated PoCs for Smart Contract Bug Reports
Smart contracts are prone to vulnerabilities and are analyzed by experts as well as automated systems, such as static analysis and AI-assisted solutions. However, audit artifacts are heterogeneous and often lack reproducible, executable PoC tests suitable for automated validation, leading to...
PoCo: Agentic Proof-Of-Concept Exploit Generation for Smart Contracts
Smart contracts operate in a highly adversarial environment, where vulnerabilities can lead to substantial financial losses. Thus, smart contracts are subject to security audits. In auditing, proof-of-concept (PoC) exploits play a critical role by demonstrating to the stakeholders that the reported...
FORGE: an LLM-Driven Framework for Large-Scale Smart Contract Vulnerability Dataset Construction
High-quality smart contract vulnerability datasets are critical for evaluating security tools and advancing smart contract security research. Two major limitations of current manual dataset construction are (1) labor-intensive and error-prone annotation processes limiting the scale, quality, and...
ZOHO ManageEngine ADAudit Plus Security Vulnerability
ZOHO ManageEngine ADAudit Plus is used by ZOHO USA, Inc. to simplify auditing, demonstrate compliance and detect threats. A security vulnerability exists in ZOHO ManageEngine ADAudit Plus 8510 and prior versions, which stems from an authenticated SQL injection in service account audit reports...
initialize function can be front run
Lines of code Vulnerability details Impact The initialize function has the potential of being front-run by a malicious actor. An attacker can front-run the deployer and take over the contract by setting itself as the owner in the contract. Taking ownership will result in carrying out malicious acts tha...
Unspecified Vulnerability in Oracle Fusion Middleware Oracle Platform Security for Java Component
Oracle Fusion Middleware is a set of Oracle's business innovation platform for enterprise and cloud environments that provides middleware, software collections, and other capabilities. Oracle Platform Security for Java is one o...
EMC NetWorker information leakage
Cleartext password in audit reports...
ESA-2013-072: EMC NetWorker Information Disclosure Vulnerability
ESA-2013-072.txt ESA-2013-072: EMC NetWorker Information Disclosure Vulnerability EMC Identifier: ESA-2013-072 EMC Identifier: NW152441 CVE Identifier: CVE-2013-3285 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected products...
Adaudit Plus Online Demo CSRF / Poor Password Passing
ADAUDIT PLUS ON-LINE DEMO TomCat Directory Listing / CSRF / Password field Submitted using GET Method / OPTIONS Method...
Plesk Small Business Manager 10.2.0 and Site Editor - Multiple Vulnerabilities
Plesk Small Business Manager 10.2.0 and Site Editor - Multiple Vulnerabilities XSS + SQL Injection in Plesk Small Business Manager 10.2 + Site Editor Vendor: Plesk Small Business Manager 10.2 + Site Editor Product Description URL http://www.parallels.com/products/small-business-panel/ Date:...
Plesk Small Business Manager 10.2.0 and Site Editor - Multiple Vulnerabilities
XSS + SQL Injection in Plesk Small Business Manager 10.2 + Site Editor Vendor: Plesk Small Business Manager 10.2 + Site Editor Product Description URL http://www.parallels.com/products/small-business-panel/ Date: 2010-09-17 Author : David Hoyt – http://cloudscan.me Contact : [email protected] Home...
Plesk Small Business Manager 10.2 Cross Site Scripting / SQL Injection
XSS + SQL Injection in Plesk Small Business Manager 10.2 + Site Editor Vendor: Plesk Small Business Manager 10.2 + Site Editor Product Description URL http://www.parallels.com/products/small-business-panel/ Date: 2010-09-17 Author : David Hoyt – http://cloudscan.me Contact : [email protected] Home...