10 matches found
EUVD-2019-5353
Malware in sbrugna...
ShopXO Code Issue Vulnerability
ShopXO is an open source, enterprise-level e-commerce system from ShopXO Inc. A code issue vulnerability exists in ShopXO version 6.5.0, which stems from incorrect handling of the parameter params in the file app/admin/controller/Payment.php, resulting in unlimited uploads...
BuildKit possible panic when incorrect parameters sent from frontend
...
BuildKit vulnerable to possible panic when incorrect parameters sent from frontend
Impact: A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. Patches: The issue has been fixed in v0.12.5. Workarounds: Avoid using BuildKit frontends from untrusted sources. A frontend image is usually specified as the syntax line on...
The validateCreateOrderHash function is vulnerable to an incorrect token type being provided by the caller
Lines of code Vulnerability details Impact Invalid token types could be used with encoded order info, breaking expectations of the contract. An attacker could create an order hash using different parameters than what is actually encoded in the orderInfo. This could potentially allow the attacker ...
Upgraded Q -> M from #407 [1668467735071]
Judge has assessed an item in Issue 407 as M risk. The relevant finding follows: Incorrect parameters for beforeTokenTransfer hook In LBToken.sol, the beforeTokenTransfer hook has the following parameters: 317: /// @param from The address of the owner of the token 318: /// @param to The address o...
Denial of service attack via incorrect parameters in Matrix Synapse
Impact: A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a /sendjoin, /sendleave, /invite or /exchangethirdpartyinvite request. This can lead to a denial of service in which future events will not be correctly sen...
Eaton Intelligent Power Manager (IPM) < 1.68 Multiple Vulnerabilities
Eaton Intelligent Power Manager IPM v1.67 and prior contain multiple vulnerabilities: - Improper Input Validation on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the...
KLA11504 Incorrect parameters parsing vulnerability in Mozilla Firefox
A vulnerability related to insufficient vetting of parameters passed with the Prompt:Open IPC message was found in Mozilla Firefox. Malicious users can exploit this vulnerability via a specially designed website to bypass security restrictions. Original advisories - Related products Mozilla-Firefox...
CVE-1999-1362
CVE-1999-1362 : Affected component is Win32k.sys on Windows NT 4.0 (pre-SP2). Local users can trigger a denial-of-service (crash) by calling certain WIN32K functions with incorrect parameters. The available documents do not provide a root-cause analysis beyond this description, nor any explicit r...