23 matches found
EUVD-2024-40853
Malicious code in bioql PyPI...
Give footnotes the boot
I hate footnotes1, and hopefully by the end of this, you will too. Let's get down to it… The UX of footnotes in printed media You, the reader, encounter a tiny number2 within some prose. This indicates to you that I, the writer, have something more to say on this topic. And, for your inconvenienc...
CVE-2024-36407 SuiteCRM unauthenticated user password reset on php7
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset by an unauthenticated attacker. The attacker does not get access to the new password, but this can be annoying for the user. This attack is...
Lack of flexibility in updating cycle length leading to potential contract redeployment.
Lines of code Vulnerability details Impact function cycleOf(uint32 timestamp) private view returns (uint32 cycle) { unchecked { return timestamp / cycleSecs + 1; } } and function currCycleStart() private view returns (uint32 timestamp) { uint32 currTimestamp = currTimestamp; // slither-disable-next-line weak-prng...
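The cycle arithmetic quoted in this finding, modelled as an added example (Python, not the audited project's Solidity): it mirrors cycleOf and currCycleStart with uint32 semantics and shows why cycleSecs cannot simply be switched on a live deployment, which is what turns a change of cycle length into a redeployment. The body of currCycleStart past the quoted line (rounding the current timestamp down to a cycle boundary) and the sample timestamps are assumptions made for the example.

```python
"""Added example, not code from the audited project: the cycle arithmetic quoted in the
finding above, mirrored in Python with uint32 semantics."""

UINT32_MAX = 2**32 - 1


def cycle_of(timestamp: int, cycle_secs: int) -> int:
    """Mirror of cycleOf: cycle = timestamp / cycleSecs + 1.

    The Solidity body sits in an `unchecked` block, so the +1 wraps instead of
    reverting; division by zero still reverts in Solidity and is mirrored with ValueError.
    """
    if not 0 <= timestamp <= UINT32_MAX:
        raise ValueError("timestamp must fit in uint32")
    if cycle_secs <= 0 or cycle_secs > UINT32_MAX:
        raise ValueError("cycleSecs must be a non-zero uint32 (Solidity reverts on / 0)")
    return (timestamp // cycle_secs + 1) & UINT32_MAX


def curr_cycle_start(now: int, cycle_secs: int) -> int:
    """Mirror of currCycleStart. Only its first statement is quoted in the finding; the
    rounding of the current timestamp down to a cycle boundary is assumed here."""
    if cycle_secs <= 0:
        raise ValueError("cycleSecs must be non-zero")
    return now - (now % cycle_secs)


def cycle_groups(timestamps, cycle_secs):
    """Group timestamps by the cycle they fall into under a given cycle length."""
    groups = {}
    for t in timestamps:
        groups.setdefault(cycle_of(t, cycle_secs), []).append(t)
    return {c: sorted(ts) for c, ts in groups.items()}


def grouping_preserved(timestamps, old_secs, new_secs) -> bool:
    """True only if every pair of timestamps that shared a cycle under old_secs still
    shares one under new_secs, and vice versa.

    Cycle numbers themselves always change with cycleSecs; what matters is the
    grouping. If it changes, balances already stored per cycle are attributed to the
    wrong periods, which is why cycleSecs cannot be switched in place on a live contract
    and a different cycle length means deploying a fresh one."""
    old = sorted(cycle_groups(timestamps, old_secs).values())
    new = sorted(cycle_groups(timestamps, new_secs).values())
    return old == new


if __name__ == "__main__":
    # Constructed sample: three receipts, first under 100 s cycles, then 150 s cycles.
    sample = [1000, 1050, 1150]
    print("cycles @100s:", cycle_groups(sample, 100))
    print("cycles @150s:", cycle_groups(sample, 150))
    print("safe to switch 100 -> 150?", grouping_preserved(sample, 100, 150))
    print("current cycle start @1099, 100s cycles:", curr_cycle_start(1099, 100))
```

Run it as a script to see the regrouping; the last print is the assumed currCycleStart behaviour, not the quoted code.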
Sherlock: Decouple yield strategy with withdrawals
Handle: GreyArt Vulnerability details Impact If there are funds remaining in an old strategy, there is only one way to claim those funds, which is through Sherlock.updateYieldStrategy. It is quite an inconvenience to do this. Recommended Mitigation Steps Create an additional function to allow anyone...
Concrete CMS < 8.5.6 Multiple Vulnerabilities
Concrete CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:concretecms:concretecms"; if...
CVE-2021-22953
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security Research Team"...
CVE-2021-22949
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security CMS Research Team"...
Cross site request forgery (csrf)
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security CMS Research Team"...
Cross site request forgery (csrf)
A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security Research Team"...
CVE-2021-22953
Concrete CMS CVE-2021-22953 is a CSRF flaw affecting version 8.5.5 and earlier. The vulnerability allows an attacker to clone topics, causing UI inconvenience and potential disk-space exhaustion. Affected product/version: Concrete CMS 8.5.5 and below. Root cause: cross-site request forgery in top...
CVE-2021-22949
CVE-2021-22949 is a CSRF in Concrete CMS versions 8.5.5 and earlier that allows an attacker to duplicate files, causing UI issues and potential disk-space exhaustion. The root cause is cross-site request forgery affecting file-duplication functionality; no exploit details are provided beyond this...
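An added example for the two Concrete CMS entries above, CVE-2021-22949 (file duplication) and CVE-2021-22953 (topic cloning). It is not Concrete CMS code: it models a state-changing "duplicate" handler of the shape the advisories describe beside a hardened version, and shows how forged cross-site POSTs grow disk usage against the first and are refused by the second. The request/session model, the in-memory "disk", the origin https://cms.example and the field names fID and csrf_token are all constructed for the example.

```python
"""Added example (not Concrete CMS code): a CSRF-exposed file-duplication handler and a
hardened one, driven by the same forged cross-site requests."""
from __future__ import annotations

import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

SITE_ORIGIN = "https://cms.example"  # assumed origin of the CMS in this example
MIB = 1024 * 1024


@dataclass
class Session:
    """Server-side session the browser's cookie resolves to (constructed)."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


@dataclass
class Request:
    method: str
    session: Optional[Session]        # None when no valid session cookie was sent
    form: dict
    headers: dict = field(default_factory=dict)


@dataclass
class Store:
    """Stand-in for the file area on disk: file id -> size in bytes (constructed)."""
    files: dict
    quota_bytes: int

    def used(self) -> int:
        return sum(self.files.values())

    def duplicate(self, file_id: str) -> str:
        new_id = f"{file_id}-copy{len(self.files)}"   # unique: the count grows each time
        self.files[new_id] = self.files[file_id]
        return new_id


def duplicate_vulnerable(req: Request, store: Store):
    """Handler of the shape the advisory describes: any authenticated POST copies the file.
    A form auto-submitted from an attacker's page carries the victim's cookie, so it passes."""
    if req.method != "POST" or req.session is None:
        return 403, None
    file_id = req.form.get("fID")
    if file_id not in store.files:
        return 404, None
    return 200, store.duplicate(file_id)


def duplicate_hardened(req: Request, store: Store):
    if req.method != "POST" or req.session is None:
        return 403, None
    # 1. Anti-CSRF token bound to the session. The attacker's page cannot read it
    #    (same-origin policy), so a forged form cannot supply it. Constant-time compare.
    sent = req.form.get("csrf_token", "")
    if not hmac.compare_digest(sent, req.session.csrf_token):
        return 403, None
    # 2. Defence in depth: browsers set Origin and Sec-Fetch-Site on cross-site POSTs.
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, None
    if req.headers.get("Sec-Fetch-Site", "same-origin") not in ("same-origin", "none"):
        return 403, None
    # 3. Bound the disk-exhaustion consequence even for legitimate callers.
    file_id = req.form.get("fID")
    if file_id not in store.files:
        return 404, None
    if store.used() + store.files[file_id] > store.quota_bytes:
        return 507, None
    return 200, store.duplicate(file_id)


def forged_request(victim: Session, file_id: str) -> Request:
    """What an attacker's auto-submitting form yields: the victim's session is attached by
    the browser, but the form fields and the cross-site headers are not under the victim's
    control (constructed)."""
    return Request("POST", victim, {"fID": file_id},
                   {"Origin": "https://attacker.example", "Sec-Fetch-Site": "cross-site"})


def legit_request(session: Session, file_id: str) -> Request:
    return Request("POST", session, {"fID": file_id, "csrf_token": session.csrf_token},
                   {"Origin": SITE_ORIGIN, "Sec-Fetch-Site": "same-origin"})


def simulate(handler, n: int = 50):
    """Send n forged duplicate requests at a handler; return (accepted count, bytes used)."""
    store = Store({"f1": 10 * MIB}, quota_bytes=200 * MIB)
    victim = Session("admin")
    accepted = sum(1 for _ in range(n)
                   if handler(forged_request(victim, "f1"), store)[0] == 200)
    return accepted, store.used()


if __name__ == "__main__":
    print("vulnerable handler (accepted, bytes used):", simulate(duplicate_vulnerable))
    print("hardened handler   (accepted, bytes used):", simulate(duplicate_hardened))
```

The token check alone closes the CSRF; the Origin/Sec-Fetch-Site checks and the quota are there because the advisories' impact is disk exhaustion, and a quota keeps that bounded even if a token leaks.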
ZSQL: Account Lock Time
The PASSWORD_LOCK_TIME parameter specifies the number of days an account stays locked after the configured number of consecutive failed login attempts. Once the account has been locked for longer than PASSWORD_LOCK_TIME (default: one day), the system automatically unlocks the user. Larger parameter value...
Mixmax: Design issue with webhook (several) notifications on mixmax.com
Hi team, I noticed a design problem involving successive notifications about an incorrect webhook set at https://app.mixmax.com/dashboard/settings/rules I set an incorrect webhook for testing on this page and in a few hours I received more than 10 notifications. This can cause a certain...
Millions of Passwords leaked from Social Site Formspring
Formspring, a social Q&A website popular with teenagers, this week disabled its users' passwords after discovering a security breach. Formspring founder and CEO Ade Olonoh apologized to users for the inconvenience, and advised them to change their passwords when they log back into Formspring. A bl...
Facebook down for two hours across Europe, May be DDOS attack !
In a DDoS attack, hackers deliberately render servers inaccessible by overloading them with traffic. Such a barrage aimed at DNS servers can make it impossible to connect users to a website when they type the address. Whereas facebo...
DDOS attack on LIME's Internet system
LIME says the majority of the customers experiencing degradation in their broadband services over the past few days are now back online and connecting at normal speeds. LIME says the type of attack is known in technology circles as a distributed denial of...
Fixing a Security Problem Isn't Always the Right Answer
An unidentified man breached airport security at Newark Airport on Sunday, walking into the secured area through the exit, prompting an evacuation of a terminal and flight delays that continued into the next day. This problem isn’t common, but it happens regularly. The result is always the same,...