wfCashERC4626.sol#redeem() Lack of slippage control for market sell

Lines of code Vulnerability details function redeem uint256 shares, address receiver, address owner public override returns uint256 // It is more accurate and gas efficient to check the balance of the // receiver here than rely on the previewRedeem method. uint256 balanceBefore =...

CSCMS Music Portal System SQL注入漏洞

CSCMS Music Portal System is a diversified content management system of China Chong Sheng Network Technology CSCMS Company. CSCMS Music Portal System suffers from a SQL injection vulnerability that originates from the lack of validation of the id parameter of /admin.php/pic/admin/type/hy against...

CVE-2022-0346

The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allowurlinclude is turned on...

Code injection

A vulnerability has been identified in SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850...

School Dormitory Management System SQL注入漏洞

School Dormitory Management System is a school dormitory management system. SQL injection vulnerability exists in School Dormitory Management System v1.0, which originates from /dms/admin/reports/dailycollection The report.php parameter lacks validation for external input SQL statements. An...

Cisco Expressway Series和Cisco TelePresence Video Communication Server 日志信息泄露漏洞

Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS are both products of Cisco, Inc.Cisco Expressway Series is software for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping telecommuters wo...

Cobbler Arbitrary File Read

A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation...

Siemens SICAM T 输入验证错误漏洞

The SICAM P850 Multifunctional Measurement Device is used to collect, visualize, evaluate and transmit electrical measurement variables such as AC current, AC voltage, frequency, power, harmonics, etc. The SICAM P855 Multifunctional Device is used to collect, display and transmit measured...

Siemens SICAM T 安全漏洞

The SICAM P850 Multifunctional Measurement Device is used to collect, visualize, evaluate and transmit electrical measurement variables such as AC current, AC voltage, frequency, power, harmonics, etc. The SICAM P855 Multifunctional Device is used to collect, display and transmit measured...

TOTOLINK N600R 缓冲区错误漏洞

TOTOLINK N600R is a wireless router from Gion Electronics TOTOLINK, Taiwan, China.A buffer overflow vulnerability exists in TOTOLINK N600R V4.3.0cu.7647B20210106, which stems from a lack of length validation of the url parameter in the FUN00415bf0 function. An attacker could exploit this...

D-Link DIR-825 G1 Command Injection Vulnerability

The DIR-825 G1 is a router from D-Link in Taiwan, China. A command injection vulnerability exists in the D-Link DIR-825 G1 firmware version, which stems from a lack of parameter validation in the "webupg" binary file. The vulnerability can be exploited to execute arbitrary system commands with th...

FIS GT.M Denial of Service Vulnerability (CNVD-2022-32800)

FIS GT.M is a database platform. A security vulnerability exists in FIS GT.M versions prior to V7.0-000, which stems from a lack of parameter validation when calling memcpy in strtok in srunix/ztimeoutroutines.c. The vulnerability can be exploited to attempt to read a null pointer. An attacker ca...

Unspecified vulnerability in YottaDB (CNVD-2022-31927)

YottaDB is a real-time database from YottaDB, Inc. A security vulnerability exists in YottaDB, which stems from a missing parameter validation in the call to memcpy in checkandsettimeout in srunix/ztimeoutroutines.c allowing an attacker to attempt to read from a NULL pointer. No detailed...

CVE-2021-44507

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. A lack of parameter validation in calls to memcpy in strtok in srunix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer...

CVE-2021-44507

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. A lack of parameter validation in calls to memcpy in strtok in srunix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer...

CVE-2021-44481

An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of parameter validation in calls to memcpy in checkandsettimeout in srunix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer...

CVE-2021-44481

An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of parameter validation in calls to memcpy in checkandsettimeout in srunix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer...

Null pointer dereference

An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack of parameter validation in calls to memcpy in checkandsettimeout in srunix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer...

Null pointer dereference

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. A lack of parameter validation in calls to memcpy in strtok in srunix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer...

CVE-2021-44507

CVE-2021-44507 affects FIS GT.M through V7.0-000 (related to the YottaDB code base). The issue is caused by a lack of parameter validation in calls to memcpy within str_tok in sr_unix/ztimeoutroutines.c , which can allow an attacker to read from a NULL pointer. The impact described is undefined b...