21 matches found
No need to stake lend pool to take LendingLedger rewards
Lines of code Vulnerability details Impact LendingLedger gives reward tokens to users if they lend their tokens to selected pools. LendingLedger gives rewards weekly and records the user's balance until the end of the week, specifically Thursday, because 1 Jan 1970 was a Thursday. But protocol records can ...
Mageia: Security Advisory (MGASA-2023-0212)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Malicious pausing the contract
Lines of code Vulnerability details Description There is a function createAuction in the Auction contract. It consists of the following logic: /// @dev Creates an auction for the next token function createAuction() private { // Get the next token available for bidding try token.mint...
U.S. Dept Of Defense: Unauthenticated SQL Injection at █████████ [HtUS]
Summary Hi team, I found Unauthenticated SQL Injection at ██████. Because input to the API /api/organizations/ is neither filtered nor escaped, an attacker can inject a malicious payload after a single quote ' to exploit and extract the database. Steps to Reproduce: Execute Request GET...
Wrong items length assertion in basic order
Lines of code Vulnerability details When fulfilling a basic order we need to assert that the parameter totalOriginalAdditionalRecipients is less than or equal to the length of additionalRecipients written in calldata. However, in prepareBasicFulfillmentFromCalldata this assertion is incorrect L346: /...
Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft
Remote Desktop Protocol RDP pipes have a security bug that could allow any standard, unprivileged Joe-Schmoe user to access other connected users’ machines. If exploited, it could lead to data-privacy issues, lateral movement and privilege escalation, researchers warned. Insider attackers could,...
Book page text, count, and author/title length is not limited in PocketMine-MP
Impact Players can fill book pages with as many characters as they like; the server does not check this. In addition, the maximum of 50 pages is also not enforced, meaning that players can create "book bombs". This causes a variety of problems: - Oversized NBT on the wire costing excess bandwidth...
Courier: Broken Authentication Session Token Bug
Hi Team, hope you are good. I have found a broken authentication issue in https://www.trycourier.app Steps to reproduce 1. Create a Courier account or use an existing one. 2. Confirm your email address. 3. Now log out from your account and request a password reset code for your account. 4. Don't u...
Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform
Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform https://github.com/WebKit/webkit/blob/94e868c940d46c5745869192d07255331d00102b/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp#L743 case GetByVal: ... unsigned numberOfArgumentsToSkip = 0; if...
Mozilla Spidermonkey - IonMonkey 'Array.prototype.pop' Type Confusion
The following program, found through fuzzing and manually modified, crashes Spidermonkey built from the current beta channel and Firefox 66.0.3 current stable: // Run with --no-threads for increased reliability const v4 = [{a: 0}, {a: 1}, {a: 2}, {a: 3}, {a: 4}]; function v7(v8, v9) { if (v4.length == 0) { v43 = {a: 5}; ...
Debian DSA-4309-1 : strongswan - security update
Google's OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the patch that fixes CVE-2018-16151 and CVE-2018-16152 DSA-4305-1. An attacker could trigger it using crafted certificates with RSA keys with very small moduli. Verifying signatures with such keys would cause an integer...
Stellar.org: Exploitable vulnerability in SDEX
Hi, Last Thursday I discovered an exploitable vulnerability in SDEX. I immediately reported the bug directly to Jed by email and he confirmed it. It's all about rounding during trades. You see, I found that orders are always executed if the price matches market, even if the amount is as small as...
Windows Kernel double fetches in win32kfull!xxxImeWindowPosChanged and win32kfull!InternalRebuildHwndListForIMEClass (CVE-2018-0809)
We have noticed the following code in the win32kfull!xxxImeWindowPosChanged function on Windows 10 version 1709 32-bit (listing from the IDA Pro disassembler): .text:000485A4 ; __try { // __except at loc_F3502 .text:000485A4 mov [ebp+ms_exc.registration.TryLevel], 0 .text:000485AB mov eax, ecx .text:000485AD...
Remotely Exploitable Bug in Truecaller Puts Over 100 Million Users at Risk
Security researchers have discovered a remotely exploitable vulnerability in the Caller ID app "Truecaller" that could expose personal details of millions of its users. Truecaller is a popular service that claims to "search and identify any phone number," as well as helps users block incoming calls o...
Kaspersky AntiVirus - UPX Parsing Memory Corruption
Kaspersky AntiVirus - UPX Parsing Memory Corruption Source: https://code.google.com/p/google-security-research/issues/detail?id=527 While fuzzing UPX packed files, this crash was discovered resulting in an arbitrary stack-relative write. This vulnerability is obviously remotely exploitable for...
SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2013:0306-1)
Mozilla Firefox is updated to the 10.0.12ESR version. This is a roll-up update for LTSS. It fixes a lot of security issues and bugs. 10.0.12ESR fixes specifically : MFSA 2013-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other...
[Full-disclosure] Oracle Workflow CSS Vulnerability wf_monitor
Dear FD-Reader, The Oracle Critical Patch Update October 2005 provides fixes for 2 Cross-Site-Scripting vulnerabilities in Oracle Workflow found by Red-Database-Security GmbH. I know that the severity and impact of CSS bugs is low. My critical security bugs in Oracle e.g. become DBA via the impo...
Mandrake Linux Security Advisory : kernel (MDKSA-2004:050)
Brad Spengler discovered an exploitable bug in the cpufreq code in the Linux 2.6 kernel (CVE-2004-0228). As well, a permissions problem existed on some SCSI drivers; a fix from Olaf Kirch is provided that changes the mode from 0777 to 0600. This update also provides a 10.0/amd64 kernel with fixes fo...
Critical: Red Hat Security Advisory: sendmail security update
Updated Sendmail packages that fix a potentially-exploitable vulnerability are now available. Sendmail is a widely used Mail Transport Agent (MTA) and is included in all Red Hat Enterprise Linux distributions. There is a bug in the prescan function of Sendmail versions prior to and including 8.12.9...
Buffer overflow in awhttpd (Re: Format string bug in awhttpd (Re: [AP] awhttpd v2.2 local DoS))
Hello 3APA3A, OK, the format string issue exists only in the proposed patch... What about this issue: There are at least 2 buffer overflows with heap corruption; tpbuf can be up to 210 characters while getreqsi is malloc(100). Of course, the target file should exist... tpbuf is base dir concatenated with 100...
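The length mismatch in the awhttpd report above (a base directory plus a request path of up to 210 bytes copied into a malloc(100) heap buffer), as an added example that is not awhttpd's code: the first function does the arithmetic the report implies and reports how many bytes a strcpy would write past the buffer, the second is a hardened builder that bounds the path and sizes the allocation from the real lengths. Function names, the base directory "/var/www" and the 210-byte sample path are constructed for this example.

```c
/* Added example (not awhttpd code). Names, base dir and sample path are
 * constructed here to reproduce the numbers in the report. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REQ_BUF_SIZE 100   /* the malloc(100) buffer named in the report */
#define MAX_PATH_LEN 210   /* longest path the report says tpbuf can hold */

/* Bytes that strcpy(buf, base_dir + req_path) would write past a buffer of
 * bufsize bytes; 0 means it fits. No copy is performed, only the accounting. */
size_t heap_overrun_bytes(const char *base_dir, const char *req_path, size_t bufsize)
{
    size_t need = strlen(base_dir) + strlen(req_path) + 1; /* +1 for the NUL */
    return need > bufsize ? need - bufsize : 0;
}

/* Hardened builder: reject over-long request paths before touching the heap,
 * allocate exactly what the two strings need, and use a length-checked
 * formatter. Returns a malloc'd path or NULL on rejection/allocation failure. */
char *build_target_path(const char *base_dir, const char *req_path)
{
    size_t blen = strlen(base_dir), rlen = strlen(req_path);
    if (rlen > MAX_PATH_LEN)
        return NULL;
    size_t need = blen + rlen + 1;
    char *out = malloc(need);
    if (out == NULL)
        return NULL;
    int n = snprintf(out, need, "%s%s", base_dir, req_path);
    if (n < 0 || (size_t)n >= need) {   /* truncation would mean a sizing bug */
        free(out);
        return NULL;
    }
    return out;
}

/* Constructed sample input: a request path of exactly len 'A' characters. */
static void fill_path(char *dst, size_t len)
{
    memset(dst, 'A', len);
    dst[len] = '\0';
}

/* Vulnerable pattern with the report's numbers: 8-byte base dir + 210-byte
 * path + NUL = 219 bytes into a 100-byte buffer, i.e. 119 bytes of overrun. */
size_t demo_overrun_with_report_numbers(void)
{
    char path[MAX_PATH_LEN + 1];
    fill_path(path, MAX_PATH_LEN);
    return heap_overrun_bytes("/var/www", path, REQ_BUF_SIZE);
}

/* The hardened builder accepts a 210-byte path; returns the built length. */
size_t demo_hardened_accepts_max(void)
{
    char path[MAX_PATH_LEN + 1];
    fill_path(path, MAX_PATH_LEN);
    char *p = build_target_path("/var/www", path);
    size_t len = p ? strlen(p) : 0;
    free(p);
    return len;
}

/* ...and rejects a path one byte over the limit (returns 1 if rejected). */
int demo_hardened_rejects_over_max(void)
{
    char path[MAX_PATH_LEN + 2];
    fill_path(path, MAX_PATH_LEN + 1);
    return build_target_path("/var/www", path) == NULL;
}

int main(void)
{
    printf("overrun bytes with malloc(100): %zu\n", demo_overrun_with_report_numbers());
    printf("hardened path length at 210 bytes: %zu\n", demo_hardened_accepts_max());
    printf("hardened builder rejects 211 bytes: %d\n", demo_hardened_rejects_over_max());
    return 0;
}
```

The point of the accounting function is that the overrun is visible from the three lengths alone; a fixed-size heap buffer for the concatenation is wrong regardless of what the request contains, and the fix is to derive the allocation size from the inputs (or reject them) rather than to tune the constant.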