Lucene search
K

24 matches found

OSSF Malicious Packages
OSSF Malicious Packages
•added 2025/10/06 10:53 a.m.•5 views

Malicious code in gnosis-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 42112b8b2e7c96d9c3a5a188bebf3539cba140ccfdcc721ea9952259b8893721 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
•added 2025/01/22 4:30 p.m.•3 views

Malicious code in gnosis-twitter-bot (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4fa831de5fb56848d866a78f8271a5eed9a6d13355f5f41d8986ea89e3a3c314 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
•added 2025/01/22 4:30 p.m.•2 views

MAL-2025-335 Malicious code in gnosis-twitter-bot (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4fa831de5fb56848d866a78f8271a5eed9a6d13355f5f41d8986ea89e3a3c314 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
Code423n4
Code423n4
•added 2024/01/08 12:0 a.m.•15 views

Miscalculation of OLAS Amount Due to Inaccurate LP Token Price in Specific Bonding Mechanism Scenarios

Lines of code Vulnerability details Impact Incorrect valuation of the LP Token price can result in either an excess issuance of OLAS Tokens, causing a loss to the protocol, or a lower issuance of OLAS Tokens, leading to losses for the user. Proof of Concept The prototype of the create function in...

7AI score
Exploits0
Code423n4
Code423n4
•added 2024/01/08 12:0 a.m.•11 views

TRANSACTION EXECUTION IS DoS IN THE CROSS-CHAIN GOVERNANCE CONTRACTS AND IN THE GNOSIS SAFE COMMUNITY MULTISIG TRANSACTION CHECKS SINCE THE WRONG payload IS EXTRACTED FROM THE data BYTES ARRAY

Lines of code Vulnerability details Impact The GuardCM.verifyBridgedData function is used to verify the bridged data for authorized combinations of targets and selectors in the Gnosis Safe community multisig. The data payload is passed into the verifyBridgedData function which is then unpacked...

7.4AI score
Exploits0
Code423n4
Code423n4
•added 2024/01/08 12:0 a.m.•11 views

THE EXECUTION OF THE GOVERNANCE ACTIONS (CONTINOUS TRANSACTIONS PACKED TOGETHER) ON GNOSIS CHAIN COULD DoS, IF A SINGLE MALICIOUS target CONTRACT REVERTS THE TRANSACTION

Lines of code Vulnerability details Impact In the HomeMediator.processMessageFromForeign function the data variable is passed into the function. The issue here is that set of continuous transactions can be packed into a single buffer and executed in the function. The data variable is parsed insid...

7.2AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/20 12:0 a.m.•25 views

The same console addresses on other chains can be captured by compromised or malicious owner

Lines of code Vulnerability details Impact The same order of owners addresses lets generate the same console address on all chains. But any owner from the list can deploy console accounts on other chains with threshold parameter equals 1 and then change owners in these accounts, i.e. capture thes...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/20 12:0 a.m.•17 views

Executor can effectively bypass _checkSubAccountSecurityConfig by adding a new Module

Lines of code Vulnerability details Impact An Executor is an account authorized to perform module execution on a subAccount through the ExecutorPlugin. Gnosis Safe Modules manage to bypass the entire guard logic Safe 1.5 has that new guard hook, but there's also no hook logic done in Brahma. For...

7.5AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/20 12:0 a.m.•9 views

Signed data may be usable cross-chain

Lines of code Vulnerability details Impact The function validatePreTransactionOverridable, which Validates a txn on guard before execution, for Brahma console accounts.takes one parameter "txParams" which is of type SafeTransactionParams Struct, if we look at that struct members : struct...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/20 12:0 a.m.•35 views

Cross-Chain Signature Replay Attack

Lines of code Vulnerability details Impact 1. User operations can be replayed on smart accounts accross different chains. This can lead to user's loosing funds or any unexpected behaviour that transaction replay attacks usually lead to. 2. Mistakes made on one chain can be re-applied to a new...

7.2AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/20 12:0 a.m.•34 views

Malicious Module can change the policy commit of a Gnosis Safe console Account

Lines of code Vulnerability details Impact The overall design of the Gnosis safe allows for the addition of a Module, modules are smart contracts that extend the ability of the Gnosis safe, which means that a module can be setup in such a way that it can perform actions that is meant to improve t...

7.3AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/20 12:0 a.m.•8 views

Lack of Input Validation on threshold and _owners

Lines of code Vulnerability details Impact Unvalidated inputs can lead to unexpected contract behaviors, including but not limited to, incorrect configurations, locked funds, or erroneous operations. In extreme cases, it could also lead to security vulnerabilities if malicious actors can exploit...

7.5AI score
Exploits0
Code423n4
Code423n4
•added 2023/06/26 12:0 a.m.•12 views

A Dutch trade could end up with an unintended lower closing price

Lines of code Vulnerability details Impact notTradingPausedOrFrozen that is turned on and off during an open Dutch trade could have the auction closed with a lower price depending on the timimg, leading to lesser capability to boost the Rtoken and/or stRSR exchange rates as well as a weakened...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/06/22 12:0 a.m.•9 views

In case when not all RSR was sold on auction users can loose it

Lines of code Vulnerability details Impact In case when not all RSR was sold on auction users can loose it, if era was changed for them. Proof of Concept The purpose of StRSR stakers is to provide RSR tokens, that can back system in case if not enough collateral is present. During rebalance,...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/01/09 12:0 a.m.•13 views

Attacker can take control over each SmartAccount proxy and steal all users' funds

Lines of code Vulnerability details Attacker can take control over each SmartAccount proxy and steal all users' funds Impact All users' funds can be stolen by a single attacker tx gas cost only Proof of Concept There are 2 main reasons for this vulnerability: The .checkSignatures in...

7.2AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/21 12:0 a.m.•10 views

Upgraded Q -> M from 696 [1666361742731]

Judge has assessed an item in Issue 696 as Medium risk. The relevant finding follows: L05 - Usage of trasfer over call to send Ether could cause unexpected Reverts payablepayAddress.transferpayAmt; // royalty transfer to royaltyaddress The function payEther sends ether via transfer which passes a...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/18 12:0 a.m.•11 views

Upgraded Q -> M from 270 [1655579826704]

Judge has assessed an item in Issue 270 as Medium risk. The relevant finding follows: Gas stipend for payable.send may be too low for contract wallets ETH withdrawals in both the minter and token contracts use payableaddress.send to transfer ether to the vault address. If the configured vault is ...

6.8AI score
Exploits0
0day.today
0day.today
•added 2017/02/27 12:0 a.m.•21 views

Joomla Gnosis 1.1.2 Component - id Parameter SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! Component Gnosis v1.1.2 - SQL Injection Google Dork: inurl:index.php?option=comgnosis Date: 25.02.2017 Vendor Homepage: http://hypermodern.org/ Software :...

7.1AI score
Exploits0
Packet Storm
Packet Storm
•added 2017/02/26 12:0 a.m.•53 views

Joomla Gnosis 1.1.2 SQL Injection

Exploit Title: Joomla! Component Gnosis v1.1.2 - SQL Injection Google Dork: inurl:index.php?option=comgnosis Date: 25.02.2017 Vendor Homepage: http://hypermodern.org/ Software : https://extensions.joomla.org/extensions/extension/directory-a-documentation/glossary/gnosis/ Demo:...

0.1AI score
Exploits0
exploitpack
exploitpack
•added 2017/02/25 12:0 a.m.•14 views

Joomla! Component Gnosis 1.1.2 - id SQL Injection

Joomla! Component Gnosis 1.1.2 - id SQL Injection Exploit Title: Joomla! Component Gnosis v1.1.2 - SQL Injection Google Dork: inurl:index.php?option=comgnosis Date: 25.02.2017 Vendor Homepage: http://hypermodern.org/ Software :...

Exploits0
Rows per page
Query Builder