Automatic Question Paper Generator System SQL注入漏洞

Automatic Question Paper Generator System is an automatic question paper generator system by Carlo Montero Personal Developer. A SQL injection vulnerability exists in SourceCodester Automatic Question Paper Generator System version 1.0, which stems from a problem with the file...

VISAM VBASE 代码问题漏洞

VISAM VBASE is a data acquisition and monitoring system from VISAM Germany. A code issue vulnerability exists in VISAM VBASE Automation Base prior to version 11.7.5, which stems from an improper restriction on XML external entity references, and can be exploited by an attacker to trick a user int...

Missing totalFunds update in LiquidityPool's OpenShort(), causing LiquidityPool token holder to lose a portion of their token value

Lines of code Vulnerability details The function openShort in LiquidityPool.sol is missing an update to totalFunds, to increase LiquidityPool funds by the collected net fees. Impact As a result of the missing increment to totalFunds, the availableFunds in the LiquidityPool will be lower. This wil...

The price fee for fusion characters is incorrect.

Lines of code Vulnerability details Vulnerability details Price fee for fusion characters is incorrect. According to the docs Fusing To fuse a namespace NFT, the user specifies the trays and the tiles offsets within the trays to use. Note that the whole tray is always burned, even if you only use...

Discourse 代码问题漏洞

Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. A code issue vulnerability exists in Discourse. An attacker exploits this vulnerability to bypass server-side request forgery SSRF protection using IPv4-mapped IPv6...

Users cant withdraw S1 or S2 Citizens if no timelockEndTime is associated with it

Lines of code Vulnerability details Impact Users cant withdraw S1 or S2 Citizens if no timelockEndTime is associated with it. As the same logic is applied in the withdrawLP function, this is not intended behavior. Currently, there are no allowances for a S1 or S2 Citizen to withdraw their asset i...

SAP NetWeaver 代码问题漏洞

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform primarily provides a development and runtime environment for SAP applications. A code issue vulnerability exists in SAP NetWeaver version 7.50 that originates from allowing an...

CVE-2023-0888 Authenticated eval injection in B. Braun Space Battery pack SP with Wi-Fi

An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device...

Guizhou 115cms 代码问题漏洞

115cms is a multi-module intelligent website builder from Guizhou Forxin Technology 115cms Company in China. Guizhou 115cms version 4.2 has a code issue vulnerability, the vulnerability stems from the file /admin/content/index.html in the problem, will lead to unrestricted upload...

Accounting for totalTicketsForReferrersPerDraw is not correct in referralRegisterTickets

Lines of code Vulnerability details Impact When referralRegisterTickets is called, accounting for totalTicketsForReferrersPerDraw is not correct. totalTicketsForReferrersPerDraw for currentDraw should be updated when unclaimed tickets for referrer meets the minimun eligible criterial in currentDr...

If random number is too low, the lottery not completely random

Summary Random numbers below a certain limit will always return at least one rightmost bit, while numbers above this limit will return random bits. Explanation: 1. The winning ticket is generated based on an array of numbers generated by module randomNumber to selectionMax-n.:...

CVE-2023-26489 Guest-controlled out-of-bounds read/write on x86_64 in wasmtime

wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x8664 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug mea...

Mozilla Firefox Code Problem Vulnerability (CNVD-2023-55355)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code issue vulnerability that stems from a lack of notifications when entering full-screen mode within an application, which can be exploited by attackers to cause...

Upgraded Q -> 3 from #148 [1677186744098]

Judge has assessed an item in Issue 148 as 3 risk. The relevant finding follows: Lines of code Vulnerability details Impact Detailed description of the impact of this finding. buyoutLien in LienToken.sol failes to update the new PublicVault's slope, yIntercept, and s.epochData....liensOpenForEpoc...

K43871899: binutils vulnerability CVE-2018-1000876

Security Advisory Description binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfdgetdynamicrelocupperbound,bfdcanonicalizedynamicreloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. Th...

KUMAFeeCollector.changePayees() executes incorrectly when newPayees contains duplicate items

Lines of code Vulnerability details Impact When calling KUMAFeeCollector.changePayees with duplicate payees in newPayees, the call is not reverted and the result state will be incorrect. Proof of Concept Contract KUMAFeeCollector does not support duplicate payees. The transaction will revert when...

SwingTraderManager.addSwingTrader will push traderId with active = false to activeTraders

Lines of code Vulnerability details Impact In SwingTraderManager.addSwingTrader, if active = false, the traderId is also pushed to activeTraders. function addSwingTrader uint256 traderId, address swingTrader, bool active, string calldata name external onlyRoleMaltADMINROLE, "Must have admin privs...

SAP BusinessObjects Business Intelligence Platform 代码问题漏洞

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and enable fast, ea...

SAP Business Planning and Consolidation 代码问题漏洞

SAP Business Planning and Consolidation is a business planning and consolidation software from SAP, Germany. The software provides budgeting, forecasting, and financial consolidation capabilities. A code issue vulnerability exists in SAP Business Planning and Consolidation version 200, version 30...

GSD-2023-1001873 efi: fix potential NULL deref in efi_mem_reserve_persistent

efi: fix potential NULL deref in efimemreservepersistent This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.11 by commit...