718 matches found
Design/Logic Flaw
The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings...
CVE-2019-20809
CVE-2019-20809 affects Compound Finance’s PriceOracle.sol (Compound Price Oracle 1.0–2.0). A price poster can call setPrice to set an invalid asset price, violating intended swing limits and potentially manipulating downstream pricing. Exploitation details are not provided in the connected docume...
CVE-2019-20809
The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings...
Beijing Chain Home Real Estate Brokerage Co. Chain Home app suffers from denial-of-service vulnerability
Chain Home App is an official client of Chain Home, a large-scale real estate leasing and trading website. Chain Home App provides services of second-hand houses, new houses, rental houses, real estate finance and wealth management, real estate appraisal and other business types. There is a...
Targeted Phishing Attacks Successfully Hacked Top Executives At 150+ Companies
In the last few months, multiple groups of attackers successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany, the UK, Netherlands, Hong Kong, and Singapore. Dubbed 'PerSwaysion,' the newly spotted cyberattack campaign leveraged...
Advanced Persistent Threat 2020 - Golden_hands (DE|EU)
Document Title: =============== Advanced Persistent Threat 2020 - Goldenhands DE|EU References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2256 Document: https://www.vulnerability-lab.com/resources/documents/2256.rar Magazine Article:...
L'Oréal L'Oréal Finance app has unauthorized access vulnerability
L'Oréal Finance app is the news app of L'Oréal Group, which allows users to browse the latest L'Oréal Group financial information in English and French on L'Oréal Finance. An unauthorized access vulnerability exists in the L'Oréal L'Oréal Finance app. An attacker could exploit the vulnerability t...
Amid COVID-19, Global Orgs See a 148% Spike in Ransomware Attacks; Finance Industry Heavily Targeted
Cyber criminals often exploit fear and uncertainty during major world events by launching cyberattacks. These attacks are often performed with social engineering campaigns leveraging malicious emails that lure victims to install malware that steals financial data and other valuable personal...
Cumulative Update 54 for Microsoft Dynamics NAV 2016 (Build 51811)
Cumulative Update 54 for Microsoft Dynamics NAV 2016 Build 51811 This article applies to Microsoft Dynamics NAV 2016 for all countries and all language locales. An information disclosure vulnerability exists if Microsoft Dynamics Business Central/NAV on-premises does not correctly hide the value ...
Cumulative Update 28 for Microsoft Dynamics NAV 2018 (Build 41920)
Cumulative Update 28 for Microsoft Dynamics NAV 2018 Build 41920 This article applies to Microsoft Dynamics NAV 2018 for all countries and all language locales. An information disclosure vulnerability exists if Microsoft Dynamics Business Central/NAV on-premises does not correctly hide the value ...
Cumulative Update 53 for Microsoft Dynamics NAV 2016 (Build 51775)
Cumulative Update 53 for Microsoft Dynamics NAV 2016 Build 51775 This article applies to Microsoft Dynamics NAV 2016 for all countries and all language locales.A remote code execution vulnerability exists in Microsoft Dynamics NAV. A user who has the permission to access certain features that...
U.S. Finance Sector Hit with Targeted Backdoor Campaign
The financial services sector in the U.S. found itself under a barrage of cyberattacks last month, all bent on delivering a powerful backdoor called Minebridge. The attack chain employed a known method called “VBA Stomping” to avoid detection. According to researchers at FireEye, the campaigns,...
Centreon 19.10.5 Remote Command Execution
Exploit Title: Centreon 19.10.5 - 'Pollers' Remote Command Execution Date: 2020-01-27 Exploit Author: Omri Baso, Fabien Aunay Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7.7 CVE : - Centreon 19.10.5 Remote Comma...
Centreon 19.10.5 - Pollers Remote Command Execution
Centreon 19.10.5 - Pollers Remote Command Execution Exploit Title: Centreon 19.10.5 - 'Pollers' Remote Command Execution Date: 2020-01-27 Exploit Author: Omri Baso, Fabien Aunay Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested...
Centreon 19.10.5 - 'Pollers' Remote Command Execution
Exploit Title: Centreon 19.10.5 - 'Pollers' Remote Command Execution Date: 2020-01-27 Exploit Author: Omri Baso, Fabien Aunay Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7.7 CVE : - Centreon 19.10.5 Remote Comma...
Centreon 19.10.5 - Database Credentials Disclosure
Centreon 19.10.5 - Database Credentials Disclosure Exploit Title: Centreon 19.10.5 - Database Credentials Disclosure Date: 2020-01-27 Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on:...
Centreon 19.10.5 Remote Command Execution
Exploit Title: Centreon 19.10.5 - Remote Command Execution Date: 2020-01-27 Exploit Author: Fabien AUNAY, Omri BASO Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE : - Centreon 19.10.5 Remote Command Execution...
Centreon 19.10.5 - Database Credentials Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: Centreon 19.10.5 - Database Credentials Disclosure Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE :...
Centreon 19.10.5 - Database Credentials Disclosure
Exploit Title: Centreon 19.10.5 - Database Credentials Disclosure Date: 2020-01-27 Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE : - Centreon 19.10.5 Database...
sp-finance.e-monsite.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1055195 Security Researcher g0bl1nsec Helped patch 3768 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting sp-finance.e-monsite.com...