Lucene search

188 matches found

Code423n4
added 2023/09/14 12:0 a.m., 16 views

Relying on string comparisons to determine which parameter to update in the file() function is brittle and could lead to unintended consequences.

Lines of code Vulnerability details Impact This can allow unintentionally changing sensitive state variables Proof of Concept The vulnerability arises because: file relies on a simple string comparison of the what parameter to determine which state variable to update. A developer could accidental...

6.7 AI score
Exploits 0

Code423n4
added 2023/09/11 12:0 a.m., 11 views

Unchecked return value of low level

Lines of code Vulnerability details In the code you provided earlier, there is a potential "Unchecked return value of low-level call" vulnerability in the following line: address(strategy).delegatecall(abi.encodeWithSignature("harvest()")); This line of code uses the delegatecall function to invoke the...

7.3 AI score
Exploits 0

Code423n4
added 2023/09/11 12:0 a.m., 5 views

Unchecked Arithmetic Allows Nonce Replay

Lines of code Vulnerability details Vulnerability details The problem is the unchecked increment operation: ++nonce.value;. When nonce.value is already at its maximum value 2^256 - 1, incrementing it will wrap around to zero due to integer overflow. This means that if an attacker sends a...

7 AI score
Exploits 0

Code423n4
added 2023/08/28 12:0 a.m., 9 views

Lack of balance checks in the depositGivenInputAmount function

Lines of code Vulnerability details Impact Lack of balance checks in the depositGivenInputAmount function can lead to various unpredictable consequences due to the breach of requirement "The pool's ratio of y to x must be within the interval MINM, MAXM". Proof of Concept The depositGivenInputAmou...

6.9 AI score
Exploits 0

Wired Threat Level
added 2023/08/10 6:43 p.m., 29 views

Teens Hacked Boston Subway’s CharlieCard to Get Infinite Free Rides—and This Time Nobody Got Sued

In 2008, Boston’s transit authority sued to stop MIT hackers from presenting at the Defcon hacker conference on how to get free subway rides. Today, four teens picked up where they left off...

7.1 AI score
Exploits 0

Veracode
added 2023/08/06 10:3 p.m., 26 views

Out-of-Bounds Write

firefox is vulnerable to Out-of-Bounds Write. An attacker could exploit this vulnerability to execute arbitrary code on a victim's system, which could allow the attacker to steal data, install malware, or take control of the system. This could have serious consequences for the victim, such as...

8.8 CVSS, 7.8 AI score, 0.00533 EPSS
Exploits 0, References 4, Affected Software 2

GithubExploit
added 2023/07/12 1:1 p.m., 656 views

Exploit for Improper Access Control in Citrix Sharefile_Storage_Zones_Controller

ShareFile RCE CVE-2023-24489 This is a Python script that e...

9.8 CVSS, 10 AI score, 0.95076 EPSS
Exploits 2

Code423n4
added 2023/07/10 12:0 a.m., 6 views

You can expand your version of well in Aquifer.boreWell() with unpredictable results

Lines of code Vulnerability details Impact boreWell takes an implementation parameter. This parameter is not checked in any way. Thus, the user can pass any of his parameters and expand his well option. This can lead to unpredictable consequences. Proof of Concept 1. The user creates his own...

6.9 AI score
Exploits 0

Mageia
added 2023/06/28 5:21 a.m., 38 views

Updated sofia-sip packages fix security vulnerability

The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. CVE-2023-32307...

7.5 CVSS, 6.9 AI score, 0.01056 EPSS
Exploits 0, References 2

The Hacker News
added 2023/06/13 1:53 p.m., 34 views

Over Half of Security Leaders Lack Confidence in Protecting App Secrets, Study Reveals

It might come as a surprise, but secrets management has become the elephant in the AppSec room. While security vulnerabilities like Common Vulnerabilities and Exposures (CVEs) often make headlines in the cybersecurity world, secrets management remains an overlooked issue that can have immediate and...

7.2 AI score
Exploits 0

Vulnrichment
added 2023/06/07 5:16 p.m., 7 views

CVE-2023-34108 Manipulation of Internal Dovecot Variables in mailcow via crafted Passwords

mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows an attacker to manipulate internal Dovecot variables by using specially crafted...

8.8 CVSS, 8.6 AI score, 0.00979 EPSS
Exploits 0, References 3

NVD
added 2023/05/31 4:15 p.m., 10 views

CVE-2023-29747

Story Saver for Instragram - Video Downloader 1.0.6 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the...

9.8 CVSS, 9.2 AI score, 0.0126 EPSS
Exploits 1, References 3

Prion
added 2023/05/31 4:15 p.m., 14 views

Code injection

Story Saver for Instragram - Video Downloader 1.0.6 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the...

7.5 CVSS, 8.9 AI score, 0.0126 EPSS
Exploits 1, References 3, Affected Software 1

Vulnrichment
added 2023/05/31 12:0 a.m., 6 views

CVE-2023-29747

Story Saver for Instragram - Video Downloader 1.0.6 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the...

7 AI score, 0.0126 EPSS
Exploits 1, References 3

Cvelist
added 2023/05/31 12:0 a.m., 13 views

CVE-2023-29747

Story Saver for Instragram - Video Downloader 1.0.6 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the...

9.3 AI score, 0.0126 EPSS
Exploits 1, References 3

NVD
added 2023/05/30 8:15 p.m., 7 views

CVE-2023-29732

SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Dependi...

9.8 CVSS, 9.2 AI score, 0.00937 EPSS
Exploits 1, References 1

Prion
added 2023/05/30 8:15 p.m., 14 views

Code injection

SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Dependi...

7.5 CVSS, 8.9 AI score, 0.00937 EPSS
Exploits 1, References 1, Affected Software 1

Cvelist
added 2023/05/30 12:0 a.m., 13 views

CVE-2023-29732

SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Dependi...

9.3 AI score, 0.00937 EPSS
Exploits 1, References 1

Vulnrichment
added 2023/05/30 12:0 a.m., 5 views

CVE-2023-29732

SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Dependi...

6.7 AI score, 0.00937 EPSS
Exploits 1, References 1

HackRead
added 2023/04/28 4:37 p.m., 14 views

Man used brother’s credentials to steal $4.8M seized Bitcoin

By Waqas Gary James Harmon, a 31-year-old man from Cleveland, Ohio, has been sentenced to four years and three months… This is a post from HackRead.com Read the original post: Man used brothers credentials to steal $4.8M seized Bitcoin...

6.8 AI score
Exploits 0