10 matches found
CVE-2025-10643
Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists...
NetScaler-13.1-EPA scan failed with "Error while parsing client security configuration"
EPA scan failed with "Error while parsing client security configuration" in EPA log. ---------------------------- 2025-02-19 09:03:50.706 | 21708 | DEBUG | D | PRE AUTH EPA | token: |^M 2025-02-19 09:03:50.706 | 21708 | DEBUG | D | PRE AUTH EPA | Policy MACADDRanyofF8BXXXXXX28A returned 2004 |^M...
Cross-Site Request Forgery (CSRF)
moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to an incorrect CSRF token check in the bulk message sending feature of the Feedback module's non-respondents report, allowing an attacker to execute unauthorized actions...
CVE-2024-43434
The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability...
CVE-2024-38276 moodle: CSRF risks due to misuse of confirm_sesskey
Incorrect CSRF token checks resulted in multiple CSRF risks...
Moodle Security Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a cross-site request forgery vulnerability that stems from incorrect CSRF token checking, which can be exploited by...
Read-only reentrancy is possible
Lines of code Vulnerability details Impact The agToken might be minted wrongly as rewards due to the reentrancy attack. Proof of Concept There are redeem/swap logics in the transmuter contract and all functions don't have a nonReentrant modifier. So the typical reentrancy attack is possible durin...
CVE-2023-30543 `chainId` may be outdated if user changes chains as part of connection in @web3-react
@web3-react is a framework for building Ethereum Apps. In affected versions the chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived...
Upgraded Q -> M from #234 [1668465995897]
Judge has assessed an item in Issue 234 as M risk. The relevant finding follows: 1.LBToken: In the burn function, beforeTokenTransfer uses incorrect from and to. Burning tokens should be transferred to 0 address. Proof of Concept Recommended Mitigation Steps beforeTokenTransfer account, address0,...
Fedora 26 : php (2017-0af85ae851)
PHP version 7.1.11 26 Oct 2017 Core: - Fixed bug php75241 NULL pointer dereference in zend_mm_alloc_small. Laruence - Fixed bug php75236 infinite loop when printing an error-message. Andrea - Fixed bug php75252 Incorrect token formatting on two parse errors in one request. Nikita - Fixed bug php7522...