271 matches found
The vulnerability of the Visual Difference Application component of the SAP Business Objects Business Intelligence Platform allows a perpetrator to disclose protected information.
The vulnerability of the Visual Difference Application component in the SAP Business Objects Business Intelligence Platform exists due to the failure to take measures to neutralize special elements used in SQL queries. Exploiting this vulnerability can allow a malicious actor, operating remotely,...
Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked...
User Enumeration via Response Timing
Description: There is a significant timing difference in the login functionality for valid and invalid usernames. Proof of Concept: Steps to reproduce: 1. Attempt a login with a valid user and an invalid user and observe the difference in the response time. Here is a small test script alternatively ...
User Enumeration via Response Timing
Description: There is a significant timing difference in the login functionality for valid and invalid usernames. Proof of Concept: 1. Attempt a login with a valid user and an invalid user and observe the difference in the response time. Here is a small test script alternatively we can see the...
User Enumeration via Response Timing
Description: There is a significant timing difference in the login functionality of the Nakama Console for valid and invalid email addresses or usernames. Proof of Concept: 1. Log in to the Nakama Console as admin and create a User [email protected] 2. Log out 3. Attempt a login with an incorrect passwor...
Emerson Proficy Machine Edition data forgery vulnerability
Emerson Proficy Machine Edition is an automation solution application from Emerson, Inc. A data forgery vulnerability exists in Emerson Proficy Machine Edition 9.00 and prior versions; it stems from the ability to display logic that differs from the compiled logic...
GHSA-RQMG-HRG4-FM69 Go Ethereum allows attackers to use manipulation of time-difference values to achieve replacement of main-chain blocks
Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022...
CVE-2022-37450
Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022...
Design/Logic Flaw
Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022...
Mozilla: Mouse Position spoofing with CSS transforms
The Mozilla Foundation Security Advisory describes this flaw as: When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed...
Unspecified Vulnerability in Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite
Dell BSAFE Micro Edition Suite is a development toolkit that provides encryption, certificate, and transport layer security for C/C++ applications, devices, and systems. Dell BSAFE is a security software product that supports cryptographic algorithms, certificate chain validation, and Transport...
CVE-2022-32246
SAP Business Objects Business Intelligence Platform (Visual Difference Application), versions 420 and 430, allows an authenticated attacker who has access to the BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impac...
CVE-2022-32246
SAP Business Objects Business Intelligence Platform (Visual Difference Application), versions 420 and 430, allows an authenticated attacker who has access to the BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impac...
CVE-2022-32246
CVE-2022-32246 affects SAP BusinessObjects BI Platform (Visual Difference Application) and is exploitable via an SQL injection in versions 420 and 430. An authenticated attacker with BI admin console access can send crafted queries to the SQL backend and extract data, causing limited impact on co...
Dell BSAFE security vulnerability
Dell BSAFE Micro Edition Suite is a development toolkit that provides encryption, certificate, and transport layer security for C/C++ applications, devices, and systems. Dell BSAFE is a security software product that supports cryptographic algorithms, certificate chain validation, and Transport...
Jenkins user enumeration vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins suffers from a user enumeration vulnerability that stems from an observable time difference between a valid user a...
No support for fee on transfer tokens
Lines of code. Vulnerability details. Impact: stake will revert for tokens that charge a fee on transfer. Proof of Concept: Note: POC below assumes tokePoolContract.deposit(amount) transfers part of Staking.sol balance to tokePoolContract. stake uses the amount as a reference for depositToTokemak and...
Tokens with decimals larger than 18 are not supported
Lines of code. Vulnerability details: For tokens with decimals larger than 18, many functions across the codebase will revert due to underflow. function getPriceFromDex(address tokenAddress) public view returns (uint256) { PriceInfo storage priceInfo = priceRecords[tokenAddress]; if (priceInfo.active) { uint25...
CVE-2022-25638
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message...
Analyzing DevSecOps vs. DevOps
Learn the difference between DevSecOps and DevOps and get tips to smoothly embed security throughout the entire build lifecycle...