Lucene search

21 matches found

Code423n4
added 2023/10/25 12:00 a.m., 15 views

Inherit a wrong contract - Authorizable.sol.

Lines of code. Vulnerability details. Risk rating: high. Title: Inherit a wrong contract - Authorizable.sol. Vulnerability Details. Impact: By an untrusted account, the system could be invaliable. Proof of Concept: The Authorizable.sol addAuthorization and Authorizable.sol removeAuthorization functions as...

AI score 7, Exploits 0

Wallarm Lab
added 2023/10/14 1:15 p.m., 29 views

2023 OWASP Top-10 Series: Wrap Up

Over the past several months, we've taken a journey through the new 2023 OWASP API Security Top-10 list. In the previous 12 weekly posts, we've delved into each category, discussed what it is, how it's exploited, why it matters, and suggested effective protections for each. Now, as we conclude th...

AI score 7.5, Exploits 0

Code423n4
added 2023/02/12 12:00 a.m., 9 views

Upgraded Q -> 2 from #250 [1676238307490]

Judge has assessed an item in Issue 250 as 2 risk. The relevant finding follows: In first place, currentIndex, which is of type mapping(address => uint256), is incremented before using it in line 117. This will cause the implementation to miss the zero index, and start from the second place index 1. T...

AI score 6.7, Exploits 0

OSV
added 2022/09/21 4:58 p.m., 32 views

GHSA-GWP4-MCV4-W95J jwcrypto token substitution can lead to authentication bypass

The JWT code can auto-detect the type of token being provided, and this can lead the application to incorrect conclusions about the trustworthiness of the token. Quoting the private disclosure we received : "Under certain circumstances, it is possible to substitute a .. signed JWS with a JWE that...

AI score 6.9, EPSS 0.00435, Exploits 0, References 4

Qualys Blog
added 2021/09/27 4:23 p.m., 16 views

Prioritize Remediation with a Perceived-Risk Approach to Strengthen CyberSecurity Effectiveness

Minimizing Time To Remediate (TTR) is becoming one of the key metrics of security program effectiveness. This holistic measure represents many capabilities and is a good validation of your risk mitigation capacity because it captures how quickly you can respond to the most critical vulnerabilities...

AI score 6.9, Exploits 0

Code423n4
added 2021/05/11 12:00 a.m., 12 views

A malicious receiver can cause another receiver to lose out on distributed fees by returning false for tokensReceived when receiveRewards is called on their receiver contract.

Handle: janbro. Vulnerability details. Summary: A malicious receiver can cause another receiver to lose out on distributed fees by returning false for tokensReceived when receiveRewards is called on their receiver contract. Risk Rating: Medium. Vulnerability Details: A malicious receiver can cause anoth...

AI score 7.1, Exploits 0

OSV
added 2021/04/06 5:20 p.m., 15 views

GHSA-4HJQ-422Q-4VPX Mautic vulnerable to secret data exfiltration via symfony parameters

Impact: Symfony parameters, which is what Mautic transforms configuration parameters into, can be used within other Symfony parameters by design. However, this also means that an admin who is normally not privy to certain parameters, such as database credentials, could expose them by leveraging any ...

CVSS 5.8, AI score 5.1, EPSS 0.00345, Exploits 1, References 4

FireEye
added 2020/04/20 12:00 p.m., 145 views

Separating the Signal from the Noise: How Mandiant Intelligence Rates Vulnerabilities — Intelligence for Vulnerability Management, Part Three

One of the critical strategic and tactical roles that cyber threat intelligence (CTI) plays is in the tracking, analysis, and prioritization of software vulnerabilities that could potentially put an organization's data, employees and customers at risk. In this four-part blog series, FireEye Mandian...

CVSS 9, AI score 0.9, EPSS 0.99999, Exploits 67, References 6

FireEye
added 2018/10/11 10:30 a.m., 31 views

ICS Tactical Security Trends: Analysis of the Most Frequent Security Risks Observed in the Field

Introduction: FireEye iSIGHT Intelligence compiled extensive data from dozens of ICS security health assessment engagements (ICS Healthcheck) performed by Mandiant, FireEye's consulting team, to identify the most pervasive and highest priority security risks in industrial facilities. The information...

AI score 0.8, Exploits 0

0day.today
added 2017/11/15 12:00 a.m., 48 views

Identity Governance 12.6 Cross Site Scripting Vulnerability

Exploit for windows platform in category web applications. Security Notice for CA Identity Governance: CA Technologies support is alerting customers to a potential risk with CA Identity Governance. A vulnerability exists that can potentially allow a malicious actor to conduct cross-site scripting...

CVSS 3.5, AI score 6, EPSS 0.00642, Exploits 1

Exploit DB
added 2016/11/22 12:00 a.m., 58 views

Huawei UTPS - Unquoted Service Path Privilege Escalation

Exploit Title: Unquoted Service Path Vulnerability in Huawei UTPS Software. Date: Nov 16 2016. Author: Dhruv Shah (@Snypter). Website: http://security-geek.in. Contact: [email protected]. Category: local. Vendor Homepage: http://www.huawei.com/. Version: Versions earlier than UTPS-V200R003B015D16SPC00C9...

CVSS 7.2, AI score 7, EPSS 0.01578, Exploits 4

securityvulns
added 2014/05/29 12:00 a.m., 322 views

CA20140413-01: Security Notice for OpenSSL Heartbleed Vulnerability

CA20140413-01: Security Notice for OpenSSL Heartbleed Vulnerability Issued: April 13, 2014 Updated: May 12, 2014 CA Technologies is investigating an OpenSSL vulnerability, referred to as the "Heartbleed bug" that was publicly disclosed on April 7, 2014. CVE identifier CVE-2014-0160 has been...

CVSS 5, EPSS 0.99999, Exploits 87

securityvulns
added 2013/01/02 12:00 a.m., 55 views

CA20121220-01: Security Notice for CA IdentityMinder

CA20121220-01: Security Notice for CA IdentityMinder Issued: December 20, 2012 CA Technologies Support is alerting customers to two potential risks in CA IdentityMinder formerly known as CA Identity Manager. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary commands,...

CVSS 10, AI score 1.8, EPSS 0.02808, Exploits 0

securityvulns
added 2011/11/21 12:00 a.m., 37 views

CA20111116-01: Security Notice for CA Directory

-----BEGIN PGP SIGNED MESSAGE----- CA20111116-01: Security Notice for CA Directory Issued: November 16, 2011 CA Technologies Support is alerting customers to a potential risk with CA Directory. A vulnerability exists that can allow a remote attacker to cause a denial of service condition...

CVSS 5, AI score 1, EPSS 0.01712, Exploits 0

securityvulns
added 2010/12/12 12:00 a.m., 40 views

CA20101209-01: Security Notice for CA XOsoft

-----BEGIN PGP SIGNED MESSAGE----- CA20101209-01: Security Notice for CA XOsoft Issued: December 9, 2010 CA Technologies support is alerting customers to a security risk with CA XOsoft. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued a patch to...

CVSS 7.5, AI score 0.3, EPSS 0.0532, Exploits 0

securityvulns
added 2010/02/08 12:00 a.m., 53 views

CORELAN-10-008 - Multiple vulnerabilities found in evalmsi 2.1.03

[Corelan ASCII-art banner] http://www.corelan.be:8800 | [email protected] | ...

AI score 8.7, Exploits 0

securityvulns
added 2009/08/19 12:00 a.m., 61 views

CA20090818-01: Security Notice for CA Host-Based Intrusion Prevention System

CA20090818-01: Security Notice for CA Host-Based Intrusion Prevention System Issued: August 18, 2009 CA's technical support is alerting customers to a security risk with CA Host-Based Intrusion Prevention System. A vulnerability exists that can allow a remote attacker to cause a denial of service...

CVSS 5, AI score 6.2, EPSS 0.01617, Exploits 1

securityvulns
added 2008/04/05 12:00 a.m., 65 views

CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities

Title: CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities CA Advisory Date: 2008-04-03 Reported By: Dyon Balding of Secunia Research Impact: A remote attacker can execute arbitrary code or cause a denial of service condition. Summary: CA...

CVSS 10, AI score 7.6, EPSS 0.59193, Exploits 22

securityvulns
added 2006/10/21 12:00 a.m., 56 views

[CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities (UPDATED)

Our original fixes for the BrightStor ARCserve Backup vulnerabilities that we publicly disclosed on 2006-10-05 (http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93775&date=2006/10) did not completely resolve one of the vulnerabilities. Consequently, we have released new fixes tha...

CVSS 7.5, AI score 6.9, EPSS 0.78384, Exploits 12

securityvulns
added 2006/05/05 12:00 a.m., 88 views

[Full-disclosure] CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability CA Vulnerability ID: 34013 CA Advisory Date: 2006-05-02 Discovered By: IBM Global Services Impact: Local attacker can gain escalated privileges. Summary: A potential...

AI score 0.2, Exploits 0