WordPress plugin Enable Media Replace 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

Upgraded Q -> 2 from #862 [1675430218943]

Judge has assessed an item in Issue 862 as 2 risk. The relevant finding follows: L-1 Function requireNextActiveMultisig always returns the first Multisig Affected code MultisigManager.requireNextActiveMultisig is supposed to return the next enabled Multisig. However it always returns the first...

AddressRegistry can associate same CID to different addresses at the same time

Lines of code Vulnerability details The AddressRegistry contract can associate a CID NFT to an account address. As stated in the contest, the CID NFT can be transferred out of the account that registered it. However, once transferred it can be registered again while keeping the previous...

_squeezeDrips() passed the amount argument in place of amtPerSec for the _addDeltaRange, causing either underflow or the sender losing lots of fund!

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. squeezeDrips passes the amount argument in place of amtPerSec for its callee addDeltaRange in the following line addDeltaRangestate, cycleStart, cycleStart + 1, -int256amt AMTPERSECMULTIPLIER; The last...

FastCMS 代码问题漏洞

FastCMS is a content management system from FastCMS, Inc. A code issue vulnerability exists in FastCMS version 0.1.0, which stems from unknown handling of the component Template Management, resulting in unrestricted uploads...

Any user is able to mint a new receipt/ticket tokens

Lines of code Vulnerability details Impact In the RabbitHoleReceipt and RabbitHoleTickets contracts the minterAddress should be the only account allowed to mint a new token, but due to an error in the onlyMinter modifier all the users are able to mint new tokens without permission, the impact of...

User can open position without depositing tokens

Lines of code Vulnerability details Impact User can mint long/short tokens without depositing anything. This is because the function on LN 172 doesn't check the contents of the returned data from the function, and the function doesn't verify that the contract has indeed received the expected...

user funds loss in withdraw() of StRSR because code don't revert when calculated rsrAmount is zero

Lines of code Vulnerability details Impact Function withdraw in StRSR completes an account's unstaking. but when calculated amount of RSR token is 0 code still burn user draftRSR and returns. This would cause users small amount of deposits to get burned and user won't receive any funds. as withdr...

function withdraw() in StRSR won't update contract state (totalDrafts) in all cases which can cause wrong fund distribution and fund stucking in the contract

Lines of code Vulnerability details Impact Function withdraw complete an account's unstaking. it transfers user draft withdrawals and updates totalDrafts. but when calculated rsrAmount is 0 code returns and won't updates totalDrafts which can cause wrong calculations as those draft items removed...

Proficy Historian 代码问题漏洞

GE Digital Proficy Historian is a powerful tool with storage analysis and data collection capabilities from GE Digital. A code issue vulnerability exists in Proficy Historian v7.0 and prior versions, which arises from a code issue that allows an unauthorized user to change or write files with ful...

CVE-2023-22357

Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacker may read/write in arbitrary area of the device memory, which may lead to overwriting the...

Incorrect management of requested gas amount in EIP-4337 logic

Lines of code Vulnerability details Description According to the EIP-150 call can consume as most 63/64 of parent calls' gas. That means that it is possible to manipulate the gas amount to be passed into calls mentioned in the "Links to affected code" section. Specifically, if the amount of gas...

Talend Open Studio for MDM 代码问题漏洞

Talend Open Studio for MDM is an open source software from Talend Open Source. It provides master data management, data management, integration and data quality in a single platform. A code issue vulnerability exists in Talend Open Studio for MDM that stems from unknown code in the component XML...

iText 代码问题漏洞

iText is an open source library for creating and manipulating PDF files in Java. It is written by Bruno Lowagie, Paulo Soares and others. A code issue vulnerability exists in iText RUPS. An attacker exploits this vulnerability to cause xml external entity references...

Ampache 代码问题漏洞

Ampache is a web-based audio/video application and file manager. A code issue vulnerability exists in Ampache versions prior to 5.5.6 that stems from unrestricted uploading of dangerous types of files...

Reentrancy attack allows to get loan for free

Lines of code Vulnerability details Impact Reentrancy attack allows to get loan for free when startLiquidationAuction is called on last collateral token. Proof of Concept When user has a bad debt, then anyone can start auction for his nft. To purchase token, liquidator can call...

A malicious early user/attacker can manipulate the lpToken's pricePerShare to take an unfair share of future users' deposits

Lines of code Vulnerability details Impact A well known attack vector for almost all shares based liquidity pool contracts, where an early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share...

in add function forgot to add not zero for minimum lp

Lines of code Vulnerability details Impact problems in the calculation of the system Proof of Concept requirebaseTokenAmount 0 && fractionalTokenAmount 0, "Input token amount is zero"; Tools Used manually Recommended Mitigation Steps add checks like basetoken --- The text was updated successfully...

Unreleased locks cause the reward distribution to be flawed in BondNFT

Lines of code Vulnerability details Impact After a lock has expired, it doesn't get any rewards distributed to it. But, unreleased locks cause other existing bonds to not receive the full amount of tokens either. The issue is that as long as the bond is not released, the totalShares value isn't...

CVE-2022-42859

Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences...