EUVD-2007-1044
Malware in sbrugna...
Ransomware review: October 2023
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
900 U.S. Schools Hit by MOVEit Hack, Exposing Student Data
By Deeba Ahmed Student Data Managing Platform National Student Clearinghouse Confirmed MOVEit Hack Affected 900 US Schools.
Upgraded Q -> 3 from #460 [1677510923458]
Judge has assessed an item in Issue 460 as 3 risk. The relevant finding follows: Lines of code. Vulnerability details. Impact: The safeTransferFrom function on the ClearingHouse is normally used when an OpenSea auction successfully ends and the required ERC20/WETH have been transferred to the...
ClearingHouse can pass in a malicious payment token
Lines of code. Vulnerability details. Impact: vault loss assets. Proof of Concept: When the auction is successful the NFT is transferred to the bidder and seaport calls ClearingHouse.safeTransferFrom to trigger the repayment of the debt through the conduit mechanism ClearingHouse.safeTransferFrom -...
LienToken: Lender and liquidator can collude to block auction and seize collateral
Lines of code. Vulnerability details: If a lender offers a loan denominated in an ERC20 token that blocks transfers to certain addresses (for example, the USDT and USDC blocklist), they may collude with a liquidator or act as the liquidator themselves to prevent loan payments, block all bids in the...
Missing Slippage Checks on ClearingHouse._liquidateMaker()
Lines of code. Vulnerability details. Impact: The liquidateMaker function makes a call to AMM.removeLiquidity but does not provide suitable values for minQuote and minBase. As per the @todo, this call is prone to sandwich attacks, resulting in potentially fewer tokens for the maker. Proof of Concept...
ClearingHouse looping over dynamic array might result in a DOS because of the block gas limit
Lines of code. Vulnerability details. Impact: Inside the ClearingHouse contract there are multiple instances where it loops over the dynamic amms array. There is no way of looping over a subset of the array or continuing from where you left off. Thus, if the array is large enough certain functions won't be...
ClearingHouse fail if too many amm whitelisted
Lines of code. Vulnerability details. Impact: Governance can whitelist amm in ClearingHouse using the whitelistAmm function. Since a lot of functions in the ClearingHouse contract will iterate over each of the amm in amms and call various amm.function, if too many amm are whitelisted it is possible for tho...
Census Bureau Says Breach Didn't Compromise Sensitive Data
Officials at the United States Census Bureau say that the attackers who compromised one of the bureau’s databases last week did not get access to any confidential information, but only data such as names and phone numbers of organizations that submit information to the Federal Audit Clearinghouse...
Data Breach at University of Tampa Posted Information of 30K Online
A breach at the University of Tampa may have exposed the sensitive information of thousands of students, faculty and staff members, including their names, identification numbers, social security numbers and birth dates, according to a press release posted to the University’s Web site over t...
FBI Reports Malware on Rise in Electronic Funds Fraud
The FBI reports it has seen a rise of malware over the past few months targeting small and medium businesses and municipal government entities and school districts. Once a malicious attachment or link is opened, keylogging tactics obtain bank account info where criminals then initiate wire...
Google: Cooperation Needed to Combat Malicious Ads
GENEVA — A more comprehensive and serious level of cooperation among industry leaders is needed to help stop the scourge of malicious Web ads and botnets that result from the infected PCs, a top Google executive said Wednesday. Eric Davis, the head of anti-malvertising at Google, speaking to a...
Code injection
Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attackers to cause a denial of service (crash) via a "SOCKS flood."...
CVE-2007-5481
Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attackers to cause a denial of service (crash) via a "SOCKS flood."...
CVE-2007-5481
CVE-2007-5481 affects Distributed Checksum Clearinghouse (DCC) 1.3.65. The vulnerability allows remote attackers to cause a denial of service (crash) via a "SOCKS flood" over the network. The provided documents do not include exploitation details or a listed remediation/patch.
CVE-2007-5481
Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attackers to cause a denial of service (crash) via a "SOCKS flood."...
Distributed Checksum Clearinghouse unauthorized management
No description provided...
Design/Logic Flaw
Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) before 1.3.51 allows remote attackers to delete or add hosts in /var/dcc/maps...
CVE-2007-1047
Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) before 1.3.51 allows remote attackers to delete or add hosts in /var/dcc/maps...