31 matches found
Malicious code in tusya-fsd-frsdeaf (npm)
Source: amazon-inspector 953e652e356eb427c251a547165fc633f760d151a8733ee2d90c37a7bd15fef0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-147394
Malicious code in tusya-fsd-frseaf npm...
EUVD-2025-147393
Malicious code in tusya-fsd-frssdeaf npm...
EUVD-2025-147392
Malicious code in tusya-fsd-sdeaf npm...
EUVD-2025-147395
Malicious code in tusya-fsd-frsdeaf npm...
fuse-backend-rs (>=0.10.5 <=0.12.0), linux-loader (>=0.8.0 <=0.9.0) +6 more potentially affected by CVE-2023-41051 via vm-memory (>=0.10.0 <=0.11.0)
vm-memory CARGO version =0.10.0, =0.10.5, =0.8.0, =0.6.0, =0.8.0, =0.7.0, =0.4.0, =0.2.0, =1.5.1, =1.6.1 Source cves: CVE-2023-41051 Source advisory: OSV:GHSA-49HH-FPRX-M68G...
Tesla Jailbreak Bypass SOME Paid Features, Except FSD
By Deeba Ahmed. The technical details of these findings will be unveiled at Black Hat USA on Wednesday, August 9, 2023. This is a post from HackRead.com. Read the original post: Tesla Jailbreak Bypass SOME Paid Features, Except FSD...
LinkedIn: IDOR to make someone attend or leave an event
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in LinkedIn's event attendance functionality. The vulnerability allowed an attacker to manipulate event attendance by modifying the fsdprofile parameter in POST requests to the voyagerScheduledcontentDashViewerStates API...
FSDVesting.updateVestedTokens doesn't have any control modifiers and anyone can increase vested amount for a beneficiary
Handle hyh Vulnerability details Impact In the current implementation all vesting beneficiaries can increase their vested amounts unlimitedly by calling updateVestedTokens(myfsdvestingaddress, anyamounttobeaddedtovesting). Beneficiary can then surpass vesting schedule by calling claimVestedTokens. It wi...
FSDVesting: Restrict updateVestedTokens() calls to only FSD token contract
Handle hickuphh3 Vulnerability details Impact The updateVestedTokens increases the amount of tokens to be vested for a beneficiary. There is no access restriction to the function. The intended total vesting duration is 30 months with a 12-month cliff where 5% is immediately unlocked, and the...
FSDVesting: Claiming tributes should call FSD token's corresponding functions
Handle hickuphh3 Vulnerability details Impact The claiming of staking and governance tributes for a beneficiary's vested tokens should be no different than other users / EOAs. However, the claimTribute and claimGovernanceTribute are missing the actual claiming calls to the corresponding...
Incorrect type conversion in the contract ABC makes users unable to burn FSD tokens
Handle shw Vulnerability details Impact The function calculateDeltaOfFSD of contract ABC incorrectly converts an int256 type parameter, reserveDelta, to uint256 by explicit conversion, which in general results in an extremely large number when the provided parameter is negative. The extremely lar...
Flash minting and burning can reduce the paid fees when purchasing a membership or opening a cost share request
Handle shw Vulnerability details Impact Users can pay fewer FSD tokens when purchasing a membership or opening a cost share request by flash minting and burning FSD tokens, which could significantly affect the FSD spot price. Proof of Concept The function getFSDPrice returns the current FSD price...
pendingWithdrawals not decreased after a withdraw
Handle shw Vulnerability details Impact The variable pendingWithdrawals in the contract Withdrawable is not decreased after the function withdraw is called, which causes the return value of function getReserveBalance to be less than it should be. This bug could cause incorrect results in several critic...
Incorrect type conversion in the contract ABC makes users unable to burn FSD tokens
Handle shw Vulnerability details Editing on a previous post to correct some details Impact The function calculateDeltaOfFSD of contract ABC incorrectly converts an int256 type parameter, reserveDelta, to uint256 by explicit conversion, which in general results in an extremely large number when th...
Call to swapExactTokensForETH in liquidateDai() will always fail
Handle 0xRajeev Vulnerability details Impact liquidateDai calls Uniswap’s swapExactTokensForETH to swap Dai to ETH. This will work if msg.sender, i.e. FSD contract, has already given the router an allowance of at least amount on the input token Dai. Given that there is no prior approval, the call...
Incorrect use of _addTribute instead of _addGovernanceTribute
Handle 0xRajeev Vulnerability details Impact The addRegistrationTributeGovernance function is called by the FSD network to update tribute when 7.5% is contributed towards governance as part of purchaseMembership. However, this function incorrectly calls addTribute as done in addRegistrationTribut...
FSD 2.052/3.000 servinterface.cc servinterface::sendmulticast Function PIcallsign Command Remote Overflow
No description provided by source. source: http://www.securityfocus.com/bid/25883/info FSD is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit these issues to execute arbitrary...
FSFDT v3.000 d9 - (HELP) Remote Buffer Overflow Exploit
No description provided by source. $ nc -l -p 4321 Microsoft Windows 2000 Version 5.00.2195 C Copyright 1985-2000 Microsoft Corp. E:\draft\fsd1110\windows ------------------------------------------- !/usr/bin/perl FSFDT remote exploit by weakatfraglab.at spawns reverse shell to 10.0.0.100:4321...
FSD 2.052/3.000 sysuser.cc sysuser::exechelp Function HELP Command Remote Overflow
No description provided by source. source: http://www.securityfocus.com/bid/25883/info FSD is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit these issues to execute arbitrary...