79 matches found
CVE-2023-25173
containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be ab...
SUSE CVE-2017-6369
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so...
_validateSignature should not revert on invalid signature (EIP-4337)
Lines of code Vulnerability details Impact Results in unexpected behavior in the EntryPoint contract. Proof of Concept As said in the official specification of EIP-4337: "If the account does not support signature aggregation, it MUST validate the signature is a valid signature of the userOpHash,...
SmartAccount wallet creation can be backdoored
Lines of code Vulnerability details At wallet creation time, an attacker can temporarily swap the address of the entrypoint to install a backdoor in the form of a registered module in the wallet. Since wallets don't necessarily need to be created by their owners, an attacker can frontrun the wall...
Calling execute() and executeBatch() functions in SmartAccount.sol from the EntryPoint will fail
Lines of code Vulnerability details Impact The function requireFromEntryPointOrOwner is being called within the execute and executeBatch functions to check if the msg.sender is either the owner or the EntryPoint contract, but these functions have onlyOwner modifier, which will only allow the owne...
Signature Replay Attack when EntryPoint contract is changed
Lines of code Vulnerability details Signature Replay Attack when EntryPoint contract is changed Impact User operations can be replayed on smart accounts once the EntryPoint is changed. This can lead to user's loosing funds or any unexpected behaviour that transaction replay attacks usually lead t...
SmartAccountFactory.sol - Account can be created for an owner and setting any entryPoint
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept The entrypoint is being set in the initargs... function of SmartAccount.sol. The problem is that the malicious users could create wallets for legitimate owners of wallets and set the...
Attacker can gain control of counterfactual wallet
Lines of code Vulnerability details A counterfactual wallet can be used by pre-generating its address using the SmartAccountFactory.getAddressForCounterfactualWallet function. This address can then be securely used for example, sending funds to this address knowing in advance that the user will...
CVE-2022-4871
A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function LoadUsers of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotel...
Sql injection
A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function LoadUsers of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotel...
CVE-2022-4871 ummmmm nflpick-em.com LoadUsers.php _Load_Users sql injection
A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function LoadUsers of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotel...
DEBIAN-CVE-2022-36109
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use...
UBUNTU-CVE-2022-36109
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use...
Inefficient Regular Expression Complexity in python/cpython
Description In recent cpython version 31ff9671 I discovered regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. Vulnerability exists in EntryPoint class which is used to parse package/module entry-points. Proof of Concept Simplified PoC based on init.py Python...
Exploit for Race Condition in Openbsd Openssh
PoC exploit for CVE-2018-15473, an OpenSSH username enumeration vulnerability. The target product/service is OpenSSH, and the vulnerability class/vector is username enumeration. The probable entry point is the sshUsernameEnumExploit.py script, which is invoked by the ENTRYPOINT in the Dockerfile...
Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes)
Linux/x86 - XOR encoded execve/bin/sh setuid0 setgid0 Shellcode 66 bytes. Shellcode exploit for Linx86 platform ;Title: Linux/x86 - 66 byte - execve/bin/sh - setuid0 - setgid0 - XOR encrypted ;Author: nullparasite ;Contact: [email protected] ;Category: Shellcode ;Architecture: Linux x86...
DEBIAN-CVE-2017-6369
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so...
UBUNTU-CVE-2017-6369
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so...
OllyDBG 1.10 and ImpREC 1.7f - Export Name Buffer Overflow
OllyDBG 1.10 and ImpREC 1.7f - Export Name Buffer Overflow ;-------------------------------------------------------------------------; ; OllyDBG v1.10 and ImpREC v1.7f export name buffer overflow vulnerability ; PoC probably older versions affected too, not tested though. ; ; Included shellcode...