28 matches found
EUVD-2008-2171
Malware in sbrugna...
CVE-2025-10475 SpyShelter IOCTL SpyShelter.sys denial of service
A weakness has been identified in SpyShelter up to 15.4.0.1015. Affected is an unknown function in the library SpyShelter.sys of the component IOCTL Handler. This manipulation causes denial of service. The attack needs to be launched locally. The exploit has been made available to the public and...
Shelter Soul: Bridging Shelters and Adopters through Technology
Pet adoption processes often face inefficiencies, including limited accessibility, lack of real-time information, and mismatched expectations between shelters and adopters. To address these challenges, this study presents Shelter Soul, a technology-based solution designed to streamline pet adopti...
PT-2025-14153 · WordPress · Photoshelter For Photographers Blog Feed Plugin
Name of the Vulnerable Software and Affected Versions: PhotoShelter for Photographers Blog Feed Plugin versions 1.5.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attack...
animalshelter.org Cross Site Scripting vulnerability OBB-3890520
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
shelter-srl.com Cross Site Scripting vulnerability OBB-3474789
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Shelter donations result in wrong internal balance if fee-on-transfer token is used
Judge @GalloDaSballo has assessed the 2nd Low-severity item in QA Report 66 as Medium risk. The relevant finding follows: … In case of a fee-on-transfer ERC20 token the savedTokens balance will not represent the actual balance of the contract: You can either disable the use of fee-on-transfer...
Shelter funds can be stolen
Lines of code Vulnerability details Impact Shelter has a function withdraw that lets whitelisted users withdraw a specified amount of some token. The function does not check if the user has already withdrew the tokens. Since, a user can withdraw allowed amount any number of times, stealing all th...
Repeated Calls to Shelter.withdraw Can Drain All Funds in Shelter
Lines of code Vulnerability details Impact tl;dr Anyone who can call withdraw to withdraw their own funds can call it repeatedly to withdraw the funds of others. withdraw should only succeed if the user hasn't withdrawn the token already. The shelter can be used for users to withdraw funds in the...
Shelter sets wrong claimed field
Lines of code Vulnerability details The Sheler.withdraw function sets the claimedtokenuser field but uses the shares of msg.sender. An attacker can withdraw tokens several times passing different to addresses, each time the msg.sender's shares will be used to receive tokens. function withdrawIERC...
Shelter withdraw does not check if user already claimed
Lines of code Vulnerability details Impact Shelter withdraw does not check if user already claimed. This allow any user with non-zero claim to drain the Shelter. Proof of Concept function withdrawIERC20 token, address to external override requireactivatedtoken != 0 && activatedtoken + GRACEPERIOD...
Shelter.claim does not check if already claimed
Lines of code Vulnerability details The Sheler.withdraw function sets the claimedtokenuser field but does not check if the user is allowed to claim by checking require!claimedtokenuser, "already claimed". function withdrawIERC20 token, address to external override requireactivatedtoken != 0 &&...
double spend in Shelter
Lines of code Vulnerability details in the withdraw function in Shelter, one can withdraw infinite times, and by doing so, draining the system. the function doesn't check that the shares aren't already withdrawn. --- The text was updated successfully, but these errors were encountered: All reacti...
Repeated withdrawals from Shelter
Lines of code Vulnerability details Impact function withdraw in Shelter sets claimed flag: claimedtokento = true; but it never actually checks if the user has already claimed, so users can invoke the withdrawal function multiple times and claim more rewards than were entitled. Recommended...
All Tokens Can Be Stolen From Shelter Contract
Lines of code Vulnerability details Impact function withdrawIERC20 token, address to external override requireactivatedtoken != 0 && activatedtoken + GRACEPERIOD block.timestamp, "shelter not activated"; uint256 amount = savedTokenstoken client.shareOftoken, msg.sender / client.totalSharetoken;...
claimed of _to set to true
Lines of code Vulnerability details Impact Function withdraw in Shelter calculates the amount based on shares of msg.sender, but sets the claimed flag of to: uint256 amount = savedTokenstoken client.shareOftoken, msg.sender / client.totalSharetoken; claimedtokento = true; This means a malicious...
Lock and Code S1Ep8: Securely working from home (WFH) with John Donovan and Adam Kujawa
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to John Donovan, head of security at Malwarebytes, and Adam Kujawa, director of Malwarebtyes Labs, about securely working from home WFH. With shelter-in-pla...
england.shelter.org.uk XSS vulnerability
Open Bug Bounty ID: OBB-606168 Description| Value ---|--- Affected Website:| england.shelter.org.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Fallout Shelter - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Fallout Shelter published at the 'play' market has multiple vulnerabilities...
Pet Shelter Hero - Customized SSL, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities
HackApp vulnerability scanner discovered that application Pet Shelter Hero published at the 'play' market has multiple vulnerabilities...