PT-2022-16692 · Unknown · Abacus-Ext-Cmdline

Name of the Vulnerable Software and Affected Versions: abacus-ext-cmdline versions all Description: The issue is related to Command Injection via the execute function due to improper user-input sanitization. This allows for potential command injection attacks. Recommendations: For all versions,...

Anyone can use funds in GroupBuy.sol to buy the NFTs for themselves

Lines of code Vulnerability details The GroupBuy contract allows users to pool their funds in order to buy specific NFTs once enough funds have been raised. The purchace function does not do any caller authorization and allows the caller to pass in an arbitrary address for executing the buy. The...

Reentrancy attack on fee transferring

Lines of code Vulnerability details Vulnerability details Description There is execute function in the Exchange smart contract. The function matches two orders, ensuring the validity of the match, transfers the order fees, etc. When transferring fees, the contract just makes a call to the...

EVERY TIME ONCE _execute FUNCTION COMPLETED NEED TO SET isOpen TO 0. OTHERWISE WE CAN CALL EXECUTE FUNCTIONS MULTIMPLE TIMES.

Lines of code Vulnerability details Impact IN THIS WAY WE CAN CALL AND EXECUTE FUNCTIONS MULTIPLE TIMES . EVERY TIME BEFORE CALL EXECUTE NEED TO CALL INITIALIZE FUNCTIONS. Proof of Concept function executeInput calldata sell, Input calldata buy public payable reentrancyGuard internalCall...

Cross-functional re-entrancy resulting in stealing any additional/extra ether sent by the execute() 's caller

Lines of code Vulnerability details Impact The contract Exchange.sol has execute function which can be called by anyone to execute a single buy and sell order. The function calls execute then returnDust. The latter sends the unrequired ether back to the caller. However, a malicious actor could...

Left ERC20/ETH can be withdrawn by anyone

Lines of code Vulnerability details Impact Any remaining balance can be used by anyone. This can impact on users who transfers directly to the protocol by mistake. Proof of Concept If any user by mistake transfers ERC20/ETH directly not through the ERC20EnabledLooksRareAggregator or execute...

calling execute() may lead to stealing funds if some ERC20 is stuck on the contract

Lines of code Vulnerability details Impact if some tokens is sent erroneously or not to the contract, anyone that calls correctly LooksRareAggregator.execute will be able to steal those coins. to execute the function using ethers as payment, these conditions must be true: there is at least a trad...

calling execute() may lead to stealing funds if some ETH is stuck on the contract

Lines of code Vulnerability details Impact if some Ether is sent erroneously or not to the contract, anyone that calls correctly LooksRareAggregator.execute will be able to steal those coins. to execute the function using ethers as payment, these conditions must be true: there is at least a trade...

The execute() function of SeaportProxy.sol will always fail.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. While L69 of SeaportProxy.sol is successful in preventing the function being called by a contract other than the LooksRareAggregator, unfortunately, the current implementation will fail the calling from...

Payable with no way of taking funds out / using msg.value can lock funds

Lines of code Vulnerability details Impact External execute function may lock funds --- The text was updated successfully, but these errors were encountered: All reactions...

Command Injection

snyk-go-plugin is vulnerable to command injection. The vulnerability exists in execute function of sub-process.js because shell for child processes is not properly disabled which allows an attacker to run arbitrary commands on the host system...

## [H2] Multicall can be called by a malicious contract after executing a malicious delegatecall

Lines of code Vulnerability details Impact Multicall can be called though a malicious delegate call controlling all function in a vault. PoC This is related to a bug I had reported MIMOProxy can be PWNED by a malicious delegate call where I explain that storage variables can be set in delegate...

Cross-site Scripting (XSS)

org.apache.jspwiki:jspwiki is vulnerable to cross-site scripting. The vulnerability exists in execute function in Denounce.java because the Denounce's link parameter URIs are not properly validated which allows an attacker to inject and execute a specifically crafted link parameter to gain access...

Cross-site Scripting (XSS)

jspwiki-main is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the lack of sanitization in the startDay attribute in the execute function of WeblogPlugin.java, allowing an attacker to inject and execute malicious javascript through the maliciously crafted WeblogPlugin...

Cesanta MJS 缓冲区错误漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS mJS: Restricted JavaScript engine...

delegatecall() modify merkleRoot, vault may lose all

Lines of code Vulnerability details Impact If the vault contract delegatecall the malicious contract by execute，the important variable merkleRoot can be modified. If the merkleRoot is set well designed, the vault will lose all tokens. Because, there are two main requirements for function execute ...

Queued proposals cannot be executed in GovernorBravoDelegate.sol

Lines of code GovernorBravoDelegate.solL63 Vulnerability details Impact In GovernorBravoDelegate.sol's queue function, the executed value for the proposal to be queued is set to true. The execute function in GovernorBravoDelegate.sol will revert when called since the state of the proposal is...

GHSA-4XRW-WVMQ-8JMH OS Command Injection in node-key-sender

node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline as demonstrated by execute in Vim and assert_fails or nvim_input in Neovim.

...

node-key-sender command injection vulnerability

node-key-sender is a module that sends keyboard events to the operating system. A command injection vulnerability exists in node-key-sender 1.0.11 and earlier. An attacker can exploit this vulnerability to execute arbitrary commands via the 'arrParams' parameter in the 'execute' function...