6674 matches found
CVE-2022-23080
Directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality, which allows a low privileged user to perform internal network port scans...
Redeem function can silently fail
Lines of code Vulnerability details Impact During the code review, it has been observed that the return value of the redeem function is not checked. The redeem operation can silently fail and the protocol can expect it is successfully executed. From Compound, the comment can be seen from below. CErc20 / CEth...
Server side request forgery (SSRF)
Recipes versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF) in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information...
ETH rescue does not work
Lines of code Vulnerability details Impact Both contracts InfinityExchange and InfinityStaker have a function rescueETH to allow an admin to rescue any ETH accidentally sent to the contracts. However, this ETH rescue functionality does not work. The code expects ETH to be sent to this function an...
All withdrawal functionality is paused when contract is paused
Lines of code Vulnerability details Impact When the strategy contract is paused, all withdrawal functionality will be paused. Based on the comments in MyStrategy.sol and baseStrategy.sol, withdrawToVault should not be affected by the pause functionality. This is not the case due to the...
WordPress Plugin iQ Block Country IP Spoofing Attack Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An IP spoofing attack vulnerability exists in WordPress plugin iQ Block Country version 1.2.13 and prior versions, which stems from not properly...
REDCap Cross-Site Scripting Vulnerability
REDCap is a data collection and management web application. A security vulnerability exists in REDCap version 12.0.11, which stems from a stored cross-site scripting (XSS) issue in ProjectGeneral/editprojectsettings.php. An authenticated, remote attacker can exploit this vulnerability to inject...
Siemens SICAM GridEdge Resource Leakage Vulnerability
SICAM GridEdge enables your existing IEC61850 devices to have IoT functionality with just a few clicks. A resource leak vulnerability exists in Siemens SICAM GridEdge, which stems from the fact that the affected software discloses the password hash of another user upon request, which can be...
Design/Logic Flaw
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details...
CVE-2022-31046 Information Disclosure via Export Module in TYPO3 CMS
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details...
CVE-2020-36541
A vulnerability was found in Demokratian. It has been rated as critical. Affected by this issue is some unknown functionality of the file basicosphp/generaselect.php. The manipulation of the argument idprovincia with the input -1%20union%20all%20select%201,2,3,4,database leads to sql injection. T...
Upgraded Q -> M from 268 [1654474507101]
Judge has assessed an item in Issue 268 as Medium risk. The relevant finding follows: High feeRate can break core protocol function PROBLEM There is no maximum input value on setFee in Cally.sol. But if the owner sets it to a uint greater than 1e18, the users will not be able to call exercise as...
SMB-Session-Spoofing - Tool To Create A Fake SMB Session
Welcome! This is a utility that can be compiled with Visual Studio 2019 or newer. The goal of this program is to create a fake SMB Session. The primary purpose of this is to serve as a method to lure attackers into accessing a honey-device. This program comes with no warranty or guarantees. Progr...
CVE-2020-36541 Demokratian genera_select.php sql injection
A vulnerability was found in Demokratian. It has been rated as critical. Affected by this issue is some unknown functionality of the file basicosphp/generaselect.php. The manipulation of the argument idprovincia with the input -1%20union%20all%20select%201,2,3,4,database leads to sql injection. T...
PT-2025-26092
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel's Bluetooth functionality has been identified. When the HCI work queue is drained, only queue chained work is allowed, but another delayed work can...
Gauge Functionalities Still Accessible After Being "Killed"
Lines of code Vulnerability details Proof-of-Concept The Voter contract contains a killGauge function that allows the emergency council to kill a gauge. The killGauge function will set the isAlive mapping to false. Thus, calling Voter's functions e.g. Voter.updateGauge, Voter.distributegauge again...
CVE-2022-1882
A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification after free_pipe_info that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system...
[R3] Nessus Version 10.2.0 Fixes Multiple Vulnerabilities
R3 Nessus Version 10.2.0 Fixes Multiple Vulnerabilities Arnie Cabral Thu, 05/26/2022 - 09:30 Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components (zlib, expat, jQuery UI) were found to contain vulnerabilities, and updated versions hav...
EulerOS 2.0 SP3 : binutils (EulerOS-SA-2022-1706)
According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An out-of-bounds flaw was found in binutils stabs functionality. The attack needs to be initiated locally where an attacker could convince a...