Lucene search
+L

1658 matches found

Code423n4
Code423n4
added 2021/04/28 12:0 a.m.10 views

Anyone can curate pools and steal rewards

Handle @cmichelio Vulnerability details Vulnerability Details The Router.curatePool and replacePool don't have any access restriction. An attacker can get a flash loan of base tokens and replace existing curated pools with their own curated pools. Impact Curated pools determine if a pool receives...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/04/27 12:0 a.m.6 views

Pool functions can be called before initialization in init() of Pools.sol

Handle 0xRajeev Vulnerability details Impact All the external/public functions of Pools.sol can be called by other contracts even before Pools.sol contract is initialized. This can lead to exceptions, state corruption or incorrect accounting in other contracts, which may require redeployment of...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/04/27 12:0 a.m.12 views

changeDAO should be a two-step process in Vader.sol

Handle 0xRajeev Vulnerability details Impact changeDAO updates DAO address in one-step. If an incorrect address is mistakenly used and voted upon then future administrative access or recovering from this mistake is prevented because onlyDAO modifier is used for changeDAO, which requires msg.sende...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/04/27 12:0 a.m.12 views

Incorrect operator used in deploySynth() of Pools.sol

Handle 0xRajeev Vulnerability details Impact The deploySynth function in Pools.sol is expected to perform a check on the token parameter to determine that it is neither VADER or USDV before calling Factory’s deploySynth function. However, the require incorrectly uses ‘||’ operator instead of ‘&&’...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/04/21 12:0 a.m.8 views

Default slippage value too high

Handle janbro Vulnerability details Summary Default slippage value too high. Risk Rating Medium Vulnerability Details MapleGlobals.sol Line 87: maxSwapSlippage = 1000; // 10 % The default slippage value of 10% is vulnerable to sandwich attackers which would shift larger costs onto stakers and LPs...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/04/08 12:0 a.m.9 views

Loans of tokens with >18 decimals can result in incorrect collateral calculation

Handle 0xsomeone Vulnerability details Impact It is possible for a user to mislead a Pool Delegate to a seemingly innocuous loan by utilizing a token with more than 18 decimals as collateral and lucrative loan terms. Proof of Concept The final calculation within the collateralRequiredForDrawdown ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/04/07 12:0 a.m.11 views

Users Can Drain Funds From MarginSwap By Making Undercollateralized Borrows If The Price Of A Token Has Moved More Than 10% Since The Last MarginSwap Borrow/Liquidation Involving Accounts Holding That Token.

Handle jvaqa Vulnerability details Users Can Drain Funds From MarginSwap By Making Undercollateralized Borrows If The Price Of A Token Has Moved More Than 10% Since The Last MarginSwap Borrow/Liquidation Involving Accounts Holding That Token. Impact MarginSwap's internal price oracle is only...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2021/04/07 12:0 a.m.12 views

Wrong liquidation logic

Eth address 0x6823636c2462cfdcD8d33fE53fBCD0EdbE2752ad Vulnerability details The belowMaintenanceThreshold function decides if a trader can be liquidated: function belowMaintenanceThresholdCrossMarginAccount storage account internal returns bool uint256 loan = loanInPegaccount, true; uint256...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/04/04 12:0 a.m.11 views

Several function have no entry check

Email address [email protected] Handle gpersoon Eth address gpersoon.eth Vulnerability details The following functions have no entry check or a trivial entry check: withdrawHourlyBond Lending.sol closeHourlyBondAccount Lending.sol haircut Lending.sol addDelegateown adress... Admin.sol...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/04/02 12:0 a.m.15 views

Example finding from form

Email address [email protected] Handle adamavenir Eth address 234234234 Vulnerability details Some details: detailsschmetails Impact Brace for it! Proof of concept proof of concept Tools used I used no tools. Just this form and my BARE HANDS Recommended mitigation steps I would recommend not doing...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/04/02 12:0 a.m.11 views

Testing findings

Email address [email protected] Handle adamavenir Eth address 13123 Vulnerability details These are the details of this vuln details schmetails Impact Some impact! Proof of concept Check it out. I can PROVE the impact. Tools used I used not tools except this form. Recommended mitigation steps I wou...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/04/01 12:0 a.m.11 views

testing

Email address [email protected] Handle adamavenir Eth address 23423423r4 Vulnerability details 1 Impact 2 Proof of concept 3 Tools used 4 Recommended mitigation steps 5 --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/04/01 12:0 a.m.8 views

One more test.....

Email address [email protected] Handle adamvenir Eth address 23423423423423432 Vulnerability details 1 Impact 2 Proof of concept 3 Tools used 4 Recommended mitigation steps 5 --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/04/01 12:0 a.m.5 views

Something else testing here

Email address [email protected] Handle adamavenir Eth address 234234234 Vulnerability details 1 Impact 2 Proof of concept 2 Tools used 4 Recommended mitigation steps 5 --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score
Exploits0
GithubExploit
GithubExploit
added 2021/03/26 1:9 a.m.14 views

Exploit for NULL Pointer Dereference in Openssl

CVE-2021-3449 OpenSSL This issue was reported to OpenSSL on 1...

5.9CVSS7.4AI score0.62906EPSS
Exploits3
CERT
CERT
added 2021/02/01 12:0 a.m.32 views

Adobe ColdFusion is vulnerable to privilege escalation due to weak ACLs

Overview Adobe ColdFusion fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges. Description The Adobe ColdFusion installer fails to set a secure access-control list ACL on the default installation directory, such as...

7.8CVSS7.8AI score0.00501EPSS
Exploits0References4
Citrix
Citrix
added 2020/11/09 12:0 a.m.9 views

CVE-2019-19781 - Verification Tool

Objective The Check-CVE-2019-19781 tool will enable customers to identify AAA and Gateway endpoints on Citrix ADC and Citrix Gateway devices in their deployment that are vulnerable to CVE-2019-19781. Customers are also encouraged to run the tool upon application of the mitigation steps to ensure...

9.8CVSS7.4AI score0.99999EPSS
Exploits48
NCSC
NCSC
added 2020/09/30 12:0 a.m.7 views

Vulnerability fixed in Dell SonicWall

A vulnerability has been fixed in Dell SonicWall. It involves a domain name collision vulnerability. The web interface of SonicWall makes it possible for an attacker to obtain information about domain names used on an organization's internal network. organization. The attacker can register a foun...

5.3CVSS6.4AI score0.00919EPSS
Exploits0
ICS
ICS
added 2020/09/24 12:0 p.m.51 views

Technical Approaches to Uncovering and Remediating Malicious Activity

Summary This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia,1 Canada,2 New Zealand,34 the United Kingdom,5 and the United States.6 It highlights technical approaches to uncovering malicious activity and includes mitigati...

9.7AI score
Exploits0References42
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/23 12:38 p.m.55 views

Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management

Summary Kernel is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVEs Vulnerability Details CVEID: CVE-2020-12655 DESCRIPTION: Linux Kernel could allow a local attacker to bypass security restrictions, caused by a flaw in the xfsagfverify function in...

5.5CVSS0.3AI score0.00461EPSS
Exploits0Affected Software1
Rows per page
Query Builder