7 matches found
PatchFuzz: Patch Fuzzing for JavaScript Engines
Patch fuzzing is a technique aimed at identifying vulnerabilities that arise from newly patched code. While researchers have made efforts to apply patch fuzzing to testing JavaScript engines with considerable success, these efforts have been limited to using ordinary test cases or publicly...
CryptosLabs Scam Ring Targets French-Speaking Investors, Rakes in €480 Million
Cybersecurity researchers have exposed the workings of a scam ring called CryptosLabs that's estimated to have made €480 million in illegal profits by targeting users in French-speaking individuals in France, Belgium, and Luxembourg since April 2018. The syndicate's massive fake investment scheme...
Lack of input validation to check whether the tokenId of the NFT exists or not - this lead to misallocation of fee earned
Lines of code Vulnerability details Impact In the distributeFees function, there is no input validation to check whether the tokenId of the NFT exists or not. If a caller inputs tokenId that does not exist, the fee earned will be added to the balance of tokenId that does not exist. Although this...
Yield of LiquidityReserve can be stolen
Lines of code Vulnerability details Impact Using sandwich attacks and JIT Just-in-time liquidity, the yield of LiquidityReserve could be extracted for liquidity providers. Proof of Concept The yield of LiquidityReserve is distributed when a user calls instantUnstakeReserve in Staking. Then, in...
User rewards stop accruing after any _writeCheckpoint calling action
Lines of code Vulnerability details Any user balance affecting action, i.e. deposit, withdraw/withdrawToken or getReward, calls writeCheckpoint to update the balance records used for the earned reward estimation. The issue is that writeCheckpoint always sets false to voted flag for the each new...
youve-earned-it.co.za Cross Site Scripting vulnerability OBB-1372445
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Description of the security update for SharePoint Server 2019: November 12, 2019
Description of the security update for SharePoint Server 2019: November 12, 2019 Summary This security update resolves an information disclosure vulnerability that exists in Microsoft SharePoint if an attacker uploads a specially crafted file to the SharePoint Server. To learn more about the...