1826 matches found

Code423n4
added 2022/06/24 12:0 a.m., 4 views

Basket NFT have no name and symbol

Lines of code Vulnerability details Impact The Basket contract is intended to be used behind a proxy. But the ERC721 implementation used is not upgradeable, and its constructor is called at deployment time on the implementation. So all proxies will have a void name and symbol, breaking all...

7 AI score
Exploits: 0

Tenable Nessus
added 2022/06/22 12:0 a.m., 31 views

EulerOS 2.0 SP8 : python-waitress (EulerOS-SA-2022-1948)

According to the versions of the python-waitress package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that...

7.5 CVSS, 7.3 AI score, 0.00288 EPSS
Exploits: 0, References: 2

RedHat Linux
added 2022/06/21 12:40 p.m., 0 views

llhttp: HTTP Request Smuggling when parsing the body of chunked requests

An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an...

6.5 CVSS, 7.4 AI score, 0.00229 EPSS
Exploits: 1, References: 5

The Hacker News
added 2022/06/18 6:11 a.m., 22 views

Authorities Shut Down Russian RSOCKS Botnet That Hacked Millions of Devices

The U.S. Department of Justice (DoJ) on Thursday disclosed that it took down the infrastructure associated with a Russian botnet known as RSOCKS in collaboration with law enforcement partners in Germany, the Netherlands, and the U.K. The botnet, operated by a sophisticated cybercrime organization, ...

1.6 AI score
Exploits: 0

OSV
added 2022/06/17 9:43 p.m., 27 views

GHSA-77MV-4RG7-R8QV Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy

The nestjs-proxy library did not have a way to block sensitive cookies (e.g. session cookies) from being forwarded to backend services configured by the application developer. This could have led to sensitive cookies being inadvertently exposed to such services that should not see them. The patched...

5.8 CVSS, 6.3 AI score, 0.00218 EPSS
Exploits: 0, References: 4

Huntr
added 2022/06/17 4:39 p.m., 14 views

Privilege Escalation via edit response body

Description Recently, I found a business logic vulnerability and this vulnerability allows a reader user to perform privilege escalation on allaccess user. Because before user perform any function, client-side will perform OPTIONS request to view user permission with specify function via response body. I...

0.6 AI score
Exploits: 0

CVE
added 2022/06/15 7:5 p.m., 81 views

CVE-2022-31070

The CVE-2022-31070 issue affects the NestJS Proxy library. Prior to 0.7.0, nestjs-proxy could forward sensitive cookies (e.g., session cookies) to backend services, risking exposure. The fix is in @finastra/nestjs-proxy v0.7.0, which blocks cookies by default; an allowedCookies whitelist can be c...

7.5 CVSS, 6.4 AI score, 0.00218 EPSS
Exploits: 0, References: 2, Affected Software: 2

CVE
added 2022/06/14 6:39 p.m., 66 views

CVE-2022-31590

CVE-2022-31590 affects SAP PowerDesigner Proxy 16.7. An attacker with low privileges and local access can bypass root-disk access restrictions to write a program file on the system disk root, which could be executed with elevated privileges during startup or reboot, potentially impacting confiden...

7.8 CVSS, 7.7 AI score, 0.00039 EPSS
Exploits: 0, References: 2, Affected Software: 1

Kitploit
added 2022/06/12 9:30 p.m., 37 views

DOMDig - DOM XSS Scanner For Single Page Applications

DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and it can scan single page applications (SPA) recursively. Unlike other scanners, DOMDig can crawl any web application (including Gmail) by keeping track of DOM modifications and XHR/fetch/websocket requests and it can simulate a...

7 AI score
Exploits: 0, References: 1

Kitploit
added 2022/06/10 9:30 p.m., 44 views

Jeeves - Time-Based Blind SQLInjection Finder

Jeeves is made for looking to Time-Based Blind SQLInjection through recon. - Installation & Requirements: Installing Jeeves  $ go install github.com/ferreiraklet/Jeeves@latest OR $ git clone https://github.com/ferreiraklet/Jeeves.git $ cd Jeeves $ go build jeeves.go $ chmod +x jeeves $ ./jeeves...

7.3 AI score
Exploits: 0, References: 4

CNVD
added 2022/06/10 12:0 a.m., 26 views

Envoy Resource Management Error Vulnerability (CNVD-2022-82667)

Envoy is an open source distributed proxy server. Versions prior to Envoy 1.22.1 are vulnerable to a resource management error, which stems from the fact that it is insecure to redirect requests with body text or trailers within Envoy, and an attacker could exploit the vulnerability to crash the...

7.5 CVSS, 3.9 AI score, 0.00386 EPSS
Exploits: 0, References: 1

Prion
added 2022/06/09 8:15 p.m., 22 views

Authentication flaw

Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current...

6.4 CVSS, 9.1 AI score, 0.0009 EPSS
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2022/06/09 8:15 p.m., 21 views

Design/Logic Flaw

Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT in newer versions and corrupts memory on earlier versions. continueDecoding shouldn’t eve...

5 CVSS, 7.6 AI score, 0.00426 EPSS
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2022/06/09 8:15 p.m., 21 views

Design/Logic Flaw

Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a loc...

5 CVSS, 7.3 AI score, 0.00386 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2022/06/09 7:30 p.m., 103 views

CVE-2022-29227

Envoy has a use-after-free in versions before 1.22.1 triggered when replaying an HTTP request with an internal redirect that contains more than the HTTP headers; if a local reply is emitted while redirect headers are processed and the downstream state marks the stream incomplete, Envoy attempts t...

7.5 CVSS, 8.3 AI score, 0.00386 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2022/06/09 7:15 p.m., 130 views

CVE-2022-29225

CVE-2022-29225 affects Envoy where decompressors in versions before 1.22.1 accumulate decompressed data and overwrite the body during decode/encode, potentially allowing a zip bomb attack that exhausts memory and causes DoS. The connected sources confirm this behavior and the advised mitigation i...

7.5 CVSS, 8.3 AI score, 0.00076 EPSS
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2022/06/09 7:15 p.m., 16 views

CVE-2022-29224

Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” prevent removal upstrea...

5.9 CVSS, 0.00778 EPSS
Exploits: 0, References: 2

Prion
added 2022/06/09 7:15 p.m., 26 views

Null pointer dereference

Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” prevent removal...

4.3 CVSS, 6 AI score, 0.00778 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2022/06/09 7:10 p.m., 127 views

CVE-2022-29224

CVE-2022-29224 : Envoy

5.9 CVSS, 7.2 AI score, 0.00778 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2022/06/09 7:10 p.m., 19 views

CVE-2022-29224 Segmentation fault leading to crash in Envoy

Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” prevent removal upstrea...

5.9 CVSS, 5.6 AI score, 0.00778 EPSS
Exploits: 0, References: 4