Borrower can frontrun lender's call to lend to increase ltvBPS and avoid liquidation

Lines of code Vulnerability details Impact In NFTPairWithOracle.lend, the loan ltvBPS can be higher than the lender's accepted ltvBPS. This allow a borrower to watch the mempool and front-run the lender's call and change ltvBPS to some very large value using updateLoanParams to avoid liquidation...

Potential Sandwich Attack: Arbitrage bots can front run reward tokens being sent to the liquidity mining contracts

Lines of code Vulnerability details Impact For the PARMiner and DemandMiner contracts, arbitrage bots could harvest significant portion of rewards by monitoring MEV, and front run any reward token either a.mimo or par being transferred to the liquidityMining contract i.e. call the deposit functio...

workflow-cps: Password parameters are included from the original build in replayed builds

A flaw was found in Jenkins. The Pipeline: Groovy Plugin includes password parameters from the original build in replayed builds. This flaw allows attackers with run/replay permission to obtain the values of password parameters passed to previous builds of a Pipeline...

The vulnerabilities of the PerlRun.pm and RegistryCooker.pm components of the Apache mod_perl web server module allow a hacker to cause a service failure.

The vulnerability of the PerlRun.pm and RegistryCooker.pm components of the Apache modperl web server module exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVE-2021-4212

A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code...

Should implement a periphery contract for user to mint indexToken

Lines of code Vulnerability details Impact User can lose their fund Proof of Concept When users want to mint an index token, users need to transfer their assets to addressvToken first, then call the mint function of IndexLogic.sol. If users make it into 2 transactions, miner can manipulate it/...

SAP Focused Run Directory Traversal Vulnerability

SAP Focused Run is a data center and key account system operations management solution the ultimate solution for high-volume monitoring, alerting, diagnostics, and analysis from SAP Germany.SAP Focused Run is vulnerable to a directory traversal vulnerability that could be exploited by a remote...

CVE-2022-22182

A Cross-site Scripting XSS vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects: Juniper Networks Junos OS 12....

workflow-cps: Password parameters are included from the original build in replayed builds

A flaw was found in Jenkins. The Pipeline: Groovy Plugin includes password parameters from the original build in replayed builds. This flaw allows attackers with run/replay permission to obtain the values of password parameters passed to previous builds of a Pipeline...

CVE-2022-27657

A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run Simple Diagnostics Agent 1.0 - version 1.0...

CVE-2022-27657

A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run Simple Diagnostics Agent 1.0 - version 1.0...

Input validation

A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run Simple Diagnostics Agent 1.0 - version 1.0...

CVE-2022-27657

CVE-2022-27657 affects SAP Focused Run (Simple Diagnostics Agent 1.0) 1.0. The vulnerability is a directory traversal flaw caused by insufficient validation of path information, allowing a highly privileged remote attacker to display contents of restricted directories. The issue is tied to Simple...

CVE-2022-27657

A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run Simple Diagnostics Agent 1.0 - version 1.0...

PT-2022-18553 · Sap · Sap Focused Run

Name of the Vulnerable Software and Affected Versions: SAP Focused Run Simple Diagnostics Agent 1.0 version 1.0 Description: A highly privileged remote attacker can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information...

SAP Focused Run 路径遍历漏洞

SAP Focused Run is a data center and key account system operations management solution the ultimate solution for high-volume monitoring, alerting, diagnostics, and analysis from SAP Germany.SAP Focused Run is vulnerable to a directory traversal vulnerability that could be exploited by a remote...

CVE-2022-27128

An incorrect access control issue at /admin/runajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts...

HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token allowing privilege escalation to organization owner. Fixed in v202107-1.

...

run-down.com Cross Site Scripting vulnerability OBB-2460137

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

MicroWorld Technologies eScan Anti-Virus 输入验证错误漏洞

MicroWorld Technologies eScan Anti-Virus is an Internet security solution from MicroWorld Technologies, USA. It provides virus protection for enterprise and home SOHO users. The MicroWorld Technologies eScan Anti-Virus is prone to an input validation error vulnerability that originates from inval...