3386 matches found
Windows/x86 - XOR/DEC/NOT/ROR encrypted / encoded + null free reverse tcp Shellcode (840 bytes)
Windows/x86 - XOR/DEC/NOT/ROR XDNR encrypted / encoded + null free reverse tcp 192.168.201.11:4444 Shellcode 840 bytes / \ / /\ \ \ \ \ \ / | | \ / | | / / \ | / | \ | \ //\ / /| /| / / / / / X0R Cryptor with DEC/N0T/R0R encoder plus random byte insertion Author: @xen0vas / include...
PYSEC-2022-197
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...
PYSEC-2022-197
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...
CVE-2022-24788 Buffer overflow in Vyper
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...
CVE-2022-24788 Buffer overflow in Vyper
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...
Vyper 缓冲区错误漏洞
Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper before 0.3.2, which stems from the fact that importing a function from a JSON interface that returns bytes generates bytecode with an unlimited byte length, potentially resulting in a buffer overflow...
PT-2022-16880 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.2 Description: The issue arises when importing a function from a JSON interface that returns bytes, generating bytecode that does not clamp the bytes length, potentially resulting in a buffer overrun. There are no...
Tesla, Guitar, and Cybersecurity
In the first episode of Unplugged Bytes, Sarfaraz Kazi welcomes Hugh Njemanze to share his interests in Tesla, guitar, and cybersecurity. Hugh is President a...
GHSA-7VRM-3JC8-5WWM Incorrect Comparison in Vyper
Impact bytestrings can have dirty bytes in them, resulting in the word-for-word comparison to give incorrect results, e.g. vyper b1: Bytes32 = b"abcdef" b1 = sliceb1, 0, 1 b2: Bytes32 = b"abcdef" t: bool = b1 == b2 incorrectly evaluates to True even without dirty nonzero bytes, because there is n...
PYSEC-2022-196
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...
Design/Logic Flaw
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...
CVE-2022-24787 Incorrect Comparison in Vyper
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...
CVE-2022-24787 Incorrect Comparison in Vyper
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...
Vyper 安全漏洞
Vyper is the Pythonic smart contract language for EVM. Vyper suffers from a security vulnerability that stems from the possibility of dirty bytes in the byte test ring in version 0.3.1 and earlier, causing word-by-word comparisons to give incorrect results. Even in the absence of dirty non-zero...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...
Improper Verification of Cryptographic Signature in node-forge
Impact RSA PKCS1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. Patches The issue has been...
DEBIAN-CVE-2022-24772
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed an...
CVE-2022-24771
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses...
CVE-2022-24772
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed an...
Code injection
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed an...