34 matches found
BossCMS Security Breach
BossCMS is a content management system from Wenzhou Huoyin Information Technology, built on a self-developed PHP framework with a MySQL backend. A security vulnerability exists in BossCMS v.1.3.0, which is caused by improper privilege management. The vulnerabilit...
PT-2023-12750 · Unknown · Tetra Tea1
Name of the Vulnerable Software and Affected Versions: TETRA TEA1 (affected versions not specified). Description: The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which...
CVE-2023-1076
CVE-2023-1076 describes a Linux kernel flaw in tun/tap initialisation where the socket uid is hardcoded to 0 due to a type confusion. The result can cause tun/tap sockets to be treated as if they have root privileges when filtering/routing decisions are made, potentially bypassing network filters...
Use-After-Free
openssl is vulnerable to Use-After-Free. The vulnerability exists because there is a missing check for the return value from the initialization function which allows an attacker to cause an application crash...
PT-2022-34976 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3. Description: A potential memory leak was identified in the rtw_init_drv_sw function of the rtl8723bs driver. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...
Initialization function can be front-run
Lines of code. Vulnerability details. Detailed description of the impact of this finding: Exchange.sol has an initialization function that can be front-run, allowing an attacker to incorrectly initialize the contract. Due to the use of the delegatecall proxy pattern, Exchange.sol cannot be initialized...
Uninitializing Bridge Contracts' State Variables
Lines of code. Vulnerability details: The L1ERC20Bridge and L1EthBridge are implementation contracts that would be delegatecalled by their corresponding proxy contracts. In other words, all state variables and assets would be stored in the proxy contracts. In contrast, the...
OpenZeppelin Security Vulnerability
OpenZeppelin is a software application, a standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts versions 3.2.0 through 4.4.1, which stems from an exception put in place to support multiple inheritance that breaks the expectation of a...
OESA-2022-1808 ffmpeg security update
FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: trackheader in...
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
...
QSAN XEVO Operating System Command Injection Vulnerability
QSAN XEVO is a flash data management system from QSAN China. It reduces repetitive tasks and provides complete data analysis. A command injection vulnerability exists in QSAN XEVO that stems from the product's INIT function not filtering special elements of user input data. An attacker could use thi...
Denial Of Service(DoS)
Xen is vulnerable to a denial of service, caused by the failure to call the initialization function by the "soft reset" feature. By initiating a "soft reboot", a local attacker could exploit this vulnerability to crash the process monitoring the guest...
RarCrack 0.2 - 'Filename init() .bss' (PoC)
The software can be downloaded here: http://rarcrack.sourceforge.net/ Author: stoke Date: 2010-09-20 Download: http://rarcrack.sourceforge.net/ Tested on: Backtrack 4 Site: http://devilcode.it | http://hack2web.altervista.org Special greetz to: nex, for reassure me when i sayed "WHY EIP IT'S NOT...
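QuickCam VC Linux Device Driver QCAMVC_Video_Init Buffer Overflow Vulnerability
QuickCam linux device driver is a camera device driver for the Linux platform. The initialization function included in QuickCam has a memory corruption flaw; a local attacker can exploit the vulnerability to execute arbitrary instructions and elevate privileges. The problem exists in the following function: static void qcamvcvideoinitstruct qcamvc qcamvc Because proper boundary condition checks are missing, memory corruption can occur and lead to execution of arbitrary instructions. De Marchi Daniele QuickCam 1.0.9. No solution is currently available: http://digilander.iol.it/demarchidaniele/qcamvc/quickcam-vc.html...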