109 matches found
User can continuously accrue rewards they are not due
Lines of code Vulnerability details Impact It is possible that block.timestamp can be manipulated by a user, thus allowing a malicious user to continuously accrue rewards they are not due, as long as the value is not 0 then rewards will be accrued function userAccrueERC20 producerToken, address use...
SLOT owners lose half their value when there is no sETH deposited to the Syndicate.
Lines of code Vulnerability details Description The Syndicate contract uses total balance as collateral for both sETH accumulatedETHPerFreeFloatingShare and SLOT rewards accumulatedETHPerCollateralizedSlotPerKnot. They are updated in the following function: function updateAccruedETHPerShares publ...
The Company You Keep – Preparing for supply chain attacks with Talos IR
Given the increasing frequency of supply chain attacks, the sophistication of those attacks, and the expansion of the attack surface beyond an organization's direct control, incident preparedness and response activities must be considered in the overall supply chain risk mitigation strategy. Suppl...
MED: isOwner / onlyOwner checks can be bypassed by attacker in ERC721/ERC20 implementations
Lines of code Vulnerability details Description ERC20H and ERC721H are base contracts for NFTs / coins to inherit from. They supply the modifier onlyOwner and function isOwner which are used in the implementations for access control. However, there are several functions which when using these the...
Potential DoS in _claim()
Lines of code Vulnerability details Impact An attacker could call claim in an infinite loop to conduct DoS attack. Proof of Concept Here is the implementation of claim: // User provides the cToken & the amount they should get, and it is verified against the merkle root for that cToken ///...
CVE-2022-24667
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of...
Integer overflow
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of...
Authentication flaw
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a confirmation_token input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can...
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
A malicious user can modify the contents of a confirmation_token input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a random user in the Panel. The malicious user mus...
GHSA-5VFX-8W6M-H3V4 Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
A malicious user can modify the contents of a confirmation_token input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a random user in the Panel. The malicious user mus...
Exploit for SQL Injection in Joomla Joomla!
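CyberspaceSecurityLearning: a collection of blogs and materials gathered while learning CTF and network security, continuously updated. Pinned tip: if you have good materials collected along your own learning path, or would like to show your own quality blog to everyone, you are welcome to fork and send me a pull request (contact email: [email protected]). Last updated: 2018/3/13. Updates: Arbitrary user password reset (5): reset credentials can be brute-forced; Some interesting "small" code audit challenges that offer a few tricks for CTF-Web-dog; To understand SSRF, this one article is enough. Knowledge and skills table: Knownsec skills table. CTF practice Writeup: these are challenges I practised from when I first started out, listed in order from the earliest; many of the writ...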
.NET advanced code audit (lesson eleven): LosFormatter deserialization vulnerability - vulnerability warning - the black bar safety net
LosFormatter is generally used to serialize and deserialize the Web Forms page's view state (ViewState). If you want to keep the ViewState in a database or another persistence device, you need to use the LosFormatter class to serialize/deserialize it. It is encapsulated i...
.NET advanced code audit (lesson ten): ObjectStateFormatter deserialization vulnerability - vulnerability warning - the black bar safety net
0x00 Preface ObjectStateFormatter is generally used for serialization and deserialization of state object graphs; for example, the commonly used ViewState is serialized through this class. It is located in the namespace System.Web.UI. The advantage is that on the basis of the type stor...
.NET advanced code audit (lesson eight): SoapFormatter deserialization vulnerability - vulnerability warning - the black bar safety net
The SoapFormatter formatter and the BinaryFormatter formatter introduced in the next lesson are serialization classes implemented internally by .NET. SoapFormatter derives directly from System.Object and is located in the namespace System.Runtime.Serialization.Formatters.Soap, and...
.NET advanced code audit (lesson one): XmlSerializer deserialization vulnerability - vulnerability warning - the black bar safety net
In the .NET framework, the XmlSerializer class is a great tool: it maps highly structured XML data to .NET objects. The XmlSerializer class converts between XML documents and objects through a single API call. The conversion mapping rules in the . N...
Vulnerabilities appear in macOS again: the system known as unbreakable also has weaknesses - vulnerability warning - the black bar safety net
For convenience of expression, this article is written in the first person. This article describes several stack and buffer overflow vulnerabilities I found in the kernel of Apple's macOS system. Apple categorized several of these vulnerabilities as kernel remote code execution...
CVE-2018-18438
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value...
The defect-week session of the fourth term: XML external entity injection-vulnerability warning-the black bar safety net
Code audit is a method that uses static analysis to discover security flaws in source code. It can help development or testing personnel gain a more comprehensive understanding of a software's security concerns before it goes online and take preventive measures, and therefore has always been t...
XNU kernel heap overflow due to bad bounds checking in MPTCP(CVE-2018-4241)
mptcp_usr_connectx is the handler for the connectx syscall for the AP_MULTIPATH socket family. The logic of this function fails to correctly handle source and destination sockaddrs which aren't AF_INET or AF_INET6: // verify sa_len for AF_INET: if dst->sa_family == AF_INET && dst->sa_len !=...