17 matches found
Security Advisory 0101
Date: July 9, 2024

Revision | Date | Changes
---|---|---
1.0 | July 9, 2024 | Initial release
1.1 | Dec 23, 2024 | Update Vulnerability Assessment for EAP and accounting, Update fixed EOS release

The CVE-ID tracking this issue: CVE-2024-3596 CVSSv3.1 Base Score: 9.0...
MAL-2022-424 Malicious code in @mcd-gws/fetlife-assets (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1f7e3548154ce243518484ab09d6c6ccbe53bfc1678708ba4b25c0ed08ba642a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
BlockDev Sp. Z o.o: Steal ALL collateral during liquidation by exploiting lack of validation in `flip.kick`
Summary: The flip contract allows for the MCD system to auction collateral in exchange for DAI. A lack of validation in the method flip.kick allows an attacker to create an auction with a fake bid value. Since the end contract trusts that value, it can be exploited to issue any amount of free DAI...
BlockDev Sp. Z o.o: Steal collateral during `end` process, by earning DSR interest after `flow`.
Summary: The end contract in MCD controls the process of shutting down the MCD contracts and allowing for users to redeem their DAI for collateral -- presumably to migrate to a new implementation of DAI. The process, however, doesn't prevent the continued functioning of DAI savings accounts pot...
BlockDev Sp. Z o.o: Earn free DAI interest (inflation) through instant CDP+DSR in one tx
Summary: The MCD contracts contain different mechanisms for accumulating rates in different contracts, namely pot and jug corresponding to the cost of a loan and interest earned on savings. Because these rates are not synchronised, and depend on the call to the drip method to be calculated, it's...
mcd.mua.hrdepartment.com XSS vulnerability
Vulnerable URL: https://mcd.mua.hrdepartment.com/hr/ats/JobSearch/viewAll/"onclick=alert/OPENBUGBOUNTY/CLICK HERE

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 30.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not...
Design/Logic Flaw
Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. dot dot sequences that point to a directory containing a file whose name includes shell metacharacters...
CVE-2008-6559
The CVE-2008-6559 entry details a local privilege-escalation in ReliantHA 1.1.4 running on SCO UnixWare 7.1.4. The vulnerability arises when a crafted -d argument contains .. sequences that resolve to a directory containing a file whose name includes shell metacharacters, enabling local users to ...
CVE-2008-6559
Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. dot dot sequences that point to a directory containing a file whose name includes shell metacharacters...
UnixWare Merge mcd Local Root Exploit
No description provided by source. / 04/2008: public release I haven't seen any advisory on this; possibly still not fixed. SCO UnixWare Merge mcd Local Root Exploit By qaaz / include stdio.h include stdlib.h include string.h include unistd.h include errno.h include sys/stat.h define TARGET...
[EXPL] SCO UnixWare Merge mcd Local Root (Exploit)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Unixware utilities buffer overflow
Buffer overflows in suid utilities /usr/lib/merge/mcd /usr/opt/reliant/bin/hvdisp /usr/opt/reliant/bin/rcvm...
SCO UnixWare Merge mcd Local Root Exploit
No description provided by source. / 04/2008: public release I haven't seen any advisory on this; possibly still not fixed. SCO UnixWare Merge mcd Local Root Exploit By qaaz / include stdio.h include stdlib.h include string.h include unistd.h include errno.h include sys/stat.h...
SCO UnixWare Merge - 'mcd' Local Privilege Escalation
/ 04/2008: public release I haven't seen any advisory on this; possibly still not fixed. SCO UnixWare Merge mcd Local Root Exploit By qaaz / include include include include include include define TARGET "/usr/lib/merge/mcd" define DIR "/proc/%d/object", getpid define BIN "a.out" define LNK "hrc;"...
SCO UnixWare Merge mcd Local Root Exploit
Exploit for sco platform in category local exploits ========================================= SCO UnixWare Merge mcd Local Root Exploit ========================================= / 04/2008: public release I haven't seen any advisory on this; possibly still not fixed. SCO UnixWare Merge mcd Local...
SCO UnixWare Merge - mcd Local Privilege Escalation
SCO UnixWare Merge - mcd Local Privilege Escalation / 04/2008: public release I haven't seen any advisory on this; possibly still not fixed. SCO UnixWare Merge mcd Local Root Exploit By qaaz / include include include include include include define TARGET "/usr/lib/merge/mcd" define DIR...
CVE-2007-4600 - Mathcad Protect Worksheet Vulnerability
Mathcad Security Vulnerability Briefing - CVE-2007-4600 Synopsis of Vulnerability ========================== The ‘Protect Worksheet’ functionality, used to protect sections of Mathcad sheets from alterations, in versions 12 through 14 is easily bypassed allowing access to the protected data due to t...