EUVD-2006-5184
Malware in sbrugna...
EUVD-2005-3795
Malware in sbrugna...
Exploit for Out-of-bounds Write in Google Chrome
level 1: craft.c - bad.webp bash exist: docker 813b6b757...
A malicious contributor can increase voting power maliciously and eventually steal funds!
Lines of code Vulnerability details Impact Unlimited voting power for attacker and stealing of funds! Proof of Concept All of the contribute functions uses msg.value to calculate the votingpower. For example, contribute function looks like this: function contribute uint256 tokenId, address...
Possible DOS attack using dust in ReraiseETHCrowdfund._contribute()
Lines of code Vulnerability details Impact Normal contributors wouldn't contribute to the crowdfund properly by a malicious frontrunner. Proof of Concept When users contribute to the ReraiseETHCrowdfund, it mints the crowdfund NFT in contribute. File:...
Earlier bidders get cut out of future NFT holdings by bidders specifying the same price.
Lines of code LOC: Vulnerability details Description In GroupBuy module, users can call contribute to get a piece of the NFT pie. There are two stages in transforming the msg.value to holdings in the NFT. 1. filling at any pricesupply is not yet saturated uint256 fillAtAnyPriceQuantity =...
Groupbuy: _verifyUnsuccessfulState and _verifySuccessfulState both can return true when block.timestamp == pool.terminationPeriod
Lines of code Vulnerability details Impact The functions verifyUnsuccessfulState and verifySuccessfulState should always have a differing behavior with regards to reversion, i.e. when one does not revert, the other should revert. In one condition, this is not true. Namely, when we have pool.succe...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Workaround for CVE-2021-44228 Log4j RCE exploit as a buildpa...
Reconmap - VAPT (Vulnerability Assessment And Penetration Testing) Automation And Reporting Platform
Reconmap is a vulnerability assessment and penetration testing (VAPT) platform. It helps software engineers and infosec pros collaborate on security projects, from planning, to implementation and documentation. The tool's aim is to go from recon to report in the least possible time. Demo Details on...
Dockerfiles
This repository is a collection of Dockerfiles for CTF (Capture The Flag) challenges running on SniperOJ. The Dockerfiles are used to build a vulnerable environment for the challenges, which can be solved by participants. The repository contains various challenges, including web-based and pwn...
Jaeles v0.9 - The Swiss Army Knife For Automated Web Application Testing
Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner. Installation: Download the precompiled version here. If you have a Go environment, make sure you have Go >= 1.13 with Go Modules enabled and run the following command. GO111MODULE=...
jadx - Dex to Java Decompiler
jadx - Dex to Java decompiler. Command line and GUI tools for producing Java source code from Android Dex and Apk files. Building from source: git clone https://github.com/skylot/jadx.git; cd jadx; ./gradlew dist (on Windows, use gradlew.bat instead of ./gradlew). Scripts for running jadx will be placed in...
WordPress DX Contribute Plugin - Cross Site Request Forgery
This plugin is prone to a cross site request forgery vulnerability. Solution Update the plugin...
DX-Contribute - Cross-Site Request Forgery
The DX-Contribute WordPress plugin was affected by a Cross-Site Request Forgery security vulnerability...
Adobe Contribute Installed
Adobe Contribute, a web publishing and management application, is installed on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) script_id(62683); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/31"); script_name(english:"Adob...
Adobe Contribute Publishing Server Administrator Password Local Disclosure
Adobe Contribute Publishing Server, a web publishing management application, is installed on the remote Windows host. The version of Contribute Publishing Server on the remote host logged a copy of the password specified for the administrator as part of the installation process. A local user may ...
CVE-2006-5199
Adobe Contribute Publishing Server leaks the administrator password in logs that are created during product installation, which allows local users to gain privileges to the server...
CVE-2006-5199
CVE-2006-5199 affects Adobe Contribute Publishing Server running on Windows. The installation logs may contain the administrator password, enabling a local user to gain privileges to the server and potentially access related resources. The public records in the provided documents confirm the leak...
CVE-2005-4708
The CVE-2005-4708 entry concerns Adobe Macromedia MX 2004 products, Captivate, Contribute 2/3, and the eLicensing client. The vulnerability arises from the Macromedia Licensing Service being installed with the Users group allowed to configure the service, including the path to the executable. Thi...