40 matches found
Incorrect implementation of binary search in _find() in History.sol can make BaseVotingVault.sol break and cannot return correct staleIndex
Lines of code Vulnerability details Impact The binary search implemented in find in History.sol is incorrect and in some cases cannot return a correct stale index, and as a result some functions in baseVotingVault.sol can not work properly like queryVotePower. Although History.sol is not in scope...
SUSE CVE-2013-5619
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted JavaScript code...
setDrips may distribute the drip too fast if the time hints are not good enough
Lines of code Vulnerability details Impact The setDrips function is used to configure a drip. It can either be withdrawing it, adding a new one, or even managing an existing one by updating the configuration. Internally, it account for the drips that are yet to be distributed to refund them to th...
Infinite Loop Vulnerability in endIdForWithdraw() Function.
Lines of code Vulnerability details Impact While loop within the endIdForWithdraw function. while left time test = left + right / 2; // left test right because left right - 1 if queuetest.availableAt = time left = test; else right = test; This loop can cause an infinite loop if the loop invariant...
Iterations over all tiers in recordMintBestAvailableTier can render system unusable
Lines of code Vulnerability details Impact JBTiered721DelegateStore.recordMintBestAvailableTier potentially iterates over all tiers to find the one with the highest contribution floor that is lower than amount. When there are many tiers, this loop can always run out of gas, which will cause some...
The voting power cannot be returned deterministically, if there are multiple checkpoints sharing the same timestamp
Lines of code Vulnerability details Impact Specifically, when writing a checkpoint, the code does not check whether the latest checkpoint is also in the current block. Consider a user makes multiple times of token transfer, the ERC721Votes contract will record multiple checkpoints with the same...
Past state query results are susceptible to manipulation due to multiple states with same block number
Lines of code https://github.com/code-423n4/2022-0...
SQLbit - Just Another Script For Automatize Boolean-Based Blind SQL Injections
A script for automatize boolean-based blind SQL injections. Works with SQLite at least, supports using cookies. It uses bitwise comparisons with multithreading to find cell values instead of binary search, which is more efficient. It's able to: Search cell values by columns in a table Search...
Rop-Tool - A Tool To Help You Write Binary Exploits
A tool to help you writing binary exploits OPTIONS rop-tool v2.4.1 Help you to make binary exploits. Usage: rop-tool OPTIONS Commands : gadget Search gadgets patch Patch the binary info Print info about binary heap Display heap structure disassemble Disassemble the binary search Search on binary...
WordPress Ultimate Membership Pro 3.3 Plugin - SQL Injection
Exploit for php platform in category web applications Vendor Homepage: http://wpindeed.com/ Software Link: http://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253 Version: 3.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Unauthenticated Blind SQLi, Unauthenticated Payment Bypass...
WordPress Plugin Ultimate Membership Pro 3.3 - SQL Injection
Vendor Homepage: http://wpindeed.com/ Software Link: http://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253 Version: 3.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Unauthenticated Blind SQLi, Unauthenticated Payment Bypass Time line: Found 07-Jun-2016, Vendor notified...
AlienVault OSSIM 3.1 Reflected XSS and Blind SQL Injection
No description provided by source. !/usr/bin/python ''' AlienVault has a reflected XSS vulnerability in the url parameter of top.php. Proof of Concept: Enticing a logged in user to visit the following URL where an attacker is hosting an cookie grabber will allow for the hijacking of the user...
SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8657)
Mozilla Firefox has been updated to the 24.2.0 ESR security release. This is a major upgrade from the 17 ESR release branch. Security issues fixed : - Application Installation doorhanger persists on navigation. MFSA 2013-105. CVE-2013-5611 - Miscellaneous memory safety hazards rv:24.2. MFSA...
Mozilla Firefox < 26.0 Multiple Vulnerabilities
Binary data 8070.prm...
CVE-2013-5619
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted JavaScript code...
Potential overflow in JavaScript binary search algorithms — Mozilla
Compiler Engineer Dan Gohman of Google reported that binary search algorithms in the SpiderMonkey JavaScript engine were prone to overflow in several places, leading to potential out-of-bounds array access. While none of these are known to be directly exploitable, they are unsafe in theory and ha...
SqlInjector : A MS SQL Server Blind Injector !
SqlInjector was originally called as BlindSQLInjector. SqlInjector is an application to perform completely blind SQL injection, that currently supports only MS SQL Server. It uses time based inference to determine true or false conditions to extract data. The key feature is that it uses a binary...
Быстрый Blind SQL Injection.
Быстрый Blind SQL Injection. 1 INTRO Основной проблемой при работе с Blind SQL Injection является огромное количество запросов, которое необходимо послать на сервер для получения символов из БД, и, соответственно, долгое время работы. Понятно, что вручную получать данные из БД практически...
SMF 1.1.3 Extremely fast Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl Written By Michael Brooks contact: th3dotr00katgmaildotcom SMF 1.1.3 Extremely fast Blind SQL Injection Exploit! -Binary Search -Multi-Threaded -NO benchmark's Two SQL Injection flaws. Works with magicquotesgpc=On or Off. Total Bypass of SMF's SQL...
Simple Machines Forum 1.1.3 Remote Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl Written By Michael Brooks contact: th3dotr00katgmaildotcom SMF 1.1.3 Extremely fast Blind SQL Injection Exploit! -Binary Search -Multi-Threaded -NO benchmark's Two SQL Injection flaws. Works with magicquotesgpc=On or Off. Total Bypass of SMF's SQL...