345 matches found
Unused return _launchProjectFor
Lines of code Vulnerability details Impact the function will push the return value on the stack, the caller will then adjust the stack frame accordingly, but won't copy the returned value from the stack into any variable. ignores return value by Proof of Concept The execution of the message call...
FUD-UUID-Shellcode - Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness
Introduction Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness. How it works Shellcode generation Firstly, generate a payload in binary format using either CobaltStrike or msfvenom for instance, in...
PT-2022-37214 · Git +1 · Wasmtime
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A crash was reported, with a segmentation fault occurring on an unknown address. The crash state is related to the cranelift filetests::function...
CVE-2022-2314 VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call
The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...
WordPress VR Calendar plugin < 2.3.1 - Unauthenticated Arbitrary Function Call vulnerability
Unauthenticated Arbitrary Function Call vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress VR Calendar plugin versions 2.3.1. Solution Update the WordPress VR Calendar plugin to the latest available version at least 2.3.1...
VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call
The plugin lets any user execute arbitrary PHP functions on the site. PoC https://example.com/wp-admin/admin-post.php?vrccmd=phpinfo...
Reentrancy for function call before state update
Lines of code Vulnerability details Impact An external call "transfer" is made before updating state data through "setFuses" and "setFuses" does not depend on any data from "transfer". Proof of Concept Reentrancy is not only an effect of Ether transfer but of any function call on another...
grunt-util-property 0.0.2 function call can add/modify properties of Object.prototype using a __proto__ payload
This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
authRedeem in Marketplace.sol calls nonexistent function
Lines of code Vulnerability details Impact Complete loss of user funds Proof of Concept In L156 and L164 marketplace.sol makes an external call to swivel.authRedeem, but Swivel.sol doesn't contain any function by that name. When calling a nonexistent function in solidity, the call will simply...
IsWrappedFcash check is a gas bomb
Lines of code Vulnerability details Impact In the isWrappedFCash check, the notionalTradeModule checks whether the component is a wrappedCash with the following logic. try IWrappedfCashfCashPosition.getDecodedID returnsuint16 currencyId, uint40 maturity try...
CVE-2022-0885
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...
User can call liquidate() and steal all collateral due to arbitrary router call
Lines of code Vulnerability details Impact A malicious user is able to steal all collateral of an unhealthy position in PARMinerV2.sol. The code for the liquidate function is written so that the following steps are followed: User calls PARMinerV2.liquidate PARMinerV2 performs the liquidation with...
GSD-2022-1001254 ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...
CVE-2022-1020 Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call
The Product Table for WooCommerce wooproducttable WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing...
Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call
The plugin does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or o...
Fix of CVE: CVE-2022-0413, CVE-2022-0417, CVE-2022-0408, CVE-2022-0443
CVE-2022-0408: fix stack corruption when looking for spell suggestions - CVE-2022-0413: fix using freed memory when substitute with function call - CVE-2022-0417: fix illegal memory access caused by ':retab 0' - CVE-2022-0443: fix using freed memory with ':lopen' and ':bwipe'...
Exrop - Automatic ROP Chain Generation
Exrop is an automatic ROP chain generator tool which can build a gadget chain automatically from a given binary and constraints. Requirements: Triton, ROPGadget. Only x86-64 is supported for now! Features: handling non-return gadgets jmp reg, call reg set registers rdi=0xxxxxx, rsi=0xxxxxx set register t...
Denial Of Service (DoS)
libgpac is vulnerable to denial of service. The vulnerability exists due to an invalid call in the function gfnodechanged...
GPAC Input Validation Error Vulnerability
GPAC is an open source multimedia framework. A security vulnerability exists in GPAC, which stems from the discovery that GPAC v1.1.0 contains an invalid call in the function gfnodechanged. An attacker could exploit the vulnerability to cause a denial of service (DoS)...