10 matches found
cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes
A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server,...
Change owner() function can pass in wrong address and authorize malicious user in Treasury.sol
Lines of code Vulnerability details Impact A Wrong or malicious address can be made owner of the treasury.sol contract which is used to manage the Olas treasury. This is possible because there is no additional function in the treasury.sol Contract which will enable a new Owner actually meant to b...
The treasury address can be updated by the contract owner to point to a malicious address after deployment
Lines of code https://github.com/code-423n4/2023-08-goodentry/blob/71c0c0eca8af957202ccdbf5ce2f2a514ffe2e24/contracts/GeVault.sol#L58 Vulnerability details Impact Any fees or funds sent to the treasury could potentially be stolen or manipulated Proof of Concept The treasury address can be updated b...
The treasury address can be updated by the contract owner to point to a malicious address after deployment
Lines of code Vulnerability details Impact Any fees or funds sent to the treasury could potentially be stolen or manipulated Proof of Concept The treasury address can be updated by the contract owner to point to a malicious address after deployment. This presents a risk as the treasury receives a...
Router can perform swaps, add/remove liquidity to pools that do not belong to the protocol.
Lines of code Vulnerability details Impact Users can lose their funds PoC In UniswapV3, decodeFirstPool returns the tuple (address tokenOut, address tokenIn, uint24 fee). From there it looks up the corresponding pool address with getPool(tokenIn, tokenOut, fee), which may not exist. See However, in you...
Lack of verification for _uri parameter in createContract() function in Escher721Factory contract
Lines of code Vulnerability details Impact The impact of this vulnerability is that an attacker could potentially manipulate the token URI for any given token ID in the Escher721 contract created by the Escher721Factory contract. This could potentially allow the attacker to trick users into...
LBPair swap() can be front-run, a malicious attacker can call swap with higher gas than a user, getting the user swap amount transferred to the attacker address
Lines of code Vulnerability details Impact In the LBPair.sol contract, when a user calls swap after transferring tokens to the Pair, a malicious attacker can front-run that tx then call swap on the same pair with the parameter to changed to a malicious address of his choice, paying a higher gass...
UC Browser man-in-the-middle (MITM) vulnerability could impact more than a billion devices - vulnerability warning - the black bar safety net
Researchers found that a vulnerable functional block in UC Browser can be exploited by attackers to perform MiTM attacks. Because UC Browser uses the HTTP protocol to communicate with the server, the transmitted information is not encrypted, so the would be attacker hook request...
NetBIOS Response Brute Force Spoof (Direct)
This module continuously spams NetBIOS responses to a target for a given hostname, causing the target to cache a malicious address for this name. On high-speed local networks, the PPSRATE value should be increased to speed up this attack. As an example, a value of around 30,000 is almost 100%...
Jinshan network shield remote code execution vulnerabilities and other bugs - bug warning - the black bar safety net
Author: inking Description: Because Jinshan network shield does not strictly process malicious addresses, an attacker can, by constructing an ordinary trojan-hosting ("hang horse") page and a special URL, make the OS execute any command. Affected system: As of this publish since the current latest version a...