The fallback receiver address could get twice the toSend amount
Handle: s1m0. Vulnerability details: In that block of code there are two external calls, each inside a try/catch statement. In both catch blocks the toSend amount is transferred to the fallback receiver address, so if both external calls fail the amount is effectively transferred twice. Impact: In the fulfill function the...
GHSA-M6CP-VXJX-65J6 SessionListener can prevent a session from being invalidated breaking logout
Impact: If an exception is thrown from the SessionListener#sessionDestroyed method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application us...
SnitchDNS - Database Driven DNS Server With A Web UI
SnitchDNS is a database-driven DNS server with a web UI, written in Python and Twisted, that makes DNS administration easier: all configuration changes are applied instantly without restarting any system services. One of its main features is the logging of all DNS queries, allowing the discovery o...
WordPress Catch Breadcrumb Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Catch Breadcrumb is a breadcrumb navigation plugin that is used to display the current location of a web page. A cross-site scripting...
CVE-2020-12054
The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes by the same author if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise...
CVE-2020-12054
CVE-2020-12054 affects the WordPress Catch Breadcrumb plugin prior to 1.5.4 and is a reflected XSS via the s parameter (search query). The vulnerability also extends to 16 themes from the same author when the plugin is enabled (Alchemist, Izabel, Chique, Clean Enterprise, Bold Photography, Intuit...
Catch Breadcrumb < 1.5.7 - Unauthenticated Reflected XSS
=== DESCRIPTION - REFLECTED XSS ======================================== The Catch Breadcrumb 1.5.4 plugin for WordPress allows Reflected XSS via a search query when used with one of the themes from the same author: Alchemist & Alchemist PRO, Izabel & Izabel PRO, Chique & Chique PRO, Clean Enterprise &...
WordPress Catch Breadcrumb plugin <= 1.5.6 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress Catch Breadcrumb plugin versions <= 1.5.6. Solution: Update the WordPress Catch Breadcrumb plugin to the latest available version (at least 1.5.7)...
PoS Malware Exposes Customer Data of Catch Restaurants
Popular NYC restaurants Catch NYC, Catch Roof and Catch Steak discovered and removed malware on their point-of-sale (PoS) systems — but not before it exposed credit-card information from unknowing diners. Catch Hospitality Group, which owns the three NYC hotspots, said in a data-breach notice this...
RUSTSEC-2019-0038: Fix for UB in failure to catch panics crossing FFI boundaries
Affected versions of this crate failed to catch panics crossing FFI boundaries via callbacks, which is a form of UB. This flaw was corrected by this commit [1], which was included in version 2.6.0. [1]: https://github.com/jnqnfe/pulse-binding-rust/commit/7fd282aef7787577c385aed88cb25d004b85f494...
WAVM Buffer Over-Read Vulnerability
WAVM is the WebAssembly Virtual Machine. A heap buffer over-read vulnerability exists in IR::FunctionValidationContext::catchall in WAVM 2018-07-26 and earlier versions, which can be exploited by an attacker to cause a denial of service (application crash) by sending a specially crafted file...
await vs return vs return await
When writing async functions, there are differences between await vs return vs return await, and picking the right one is important. Let's start with this async function: `async function waitAndMaybeReject() { // Wait one second await new Promise(r => setTimeout(r, 1000)); // Toss a coin const isHeads =`...
Sky Catchers App has an overstepping access vulnerability
Daily Catch App is an O2O claw-machine (crane game) app. Daily Catch App has an unauthorized-access (broken access control) vulnerability that allows an attacker to log into the system and obtain sensitive information by intercepting packets and modifying IDs...
VHostScan - Virtual Host Scanner
A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. First presented at SecTalks BNE in September 2017 (slide deck). Key Benefits: Quickly highlight unique content in catch-all scenarios; Locate the outliers in catch-all scenarios whe...