Lucene search
K

226 matches found

0day.today
0day.today
added 2024/08/22 12:0 a.m.250 views

DIAEnergie 1.10 SQL Injection Exploit

This Metasploit module exploit a remote SQL injection vulnerability in the CBEC service of DIAEnergie versions 1.10 and below from Delta Electronics. The commands will get executed in the context of NT AUTHORITY\SYSTEM. class MetasploitModule 'DIAEnergie SQL Injection CVE-2024-4548', 'Description...

9.8CVSS8.2AI score0.29425EPSS
Exploits5
0day.today
0day.today
added 2024/08/08 12:0 a.m.278 views

Calibre 7.15.0 Python Code Injection Exploit

This Metasploit module exploits a Python code injection vulnerability in the Content Server component of Calibre version 6.9.0 through 7.15.0. Once enabled disabled by default, it will listen in its default configuration on all network interfaces on TCP port 8080 for incoming traffic, and does no...

9.8CVSS9.6AI score0.83393EPSS
Exploits8
Metasploit
Metasploit
added 2024/07/03 7:54 p.m.250 views

Azure CLI Credentials Gatherer

This module will collect the Azure CLI 2.0+ az cli settings files for all users on a given target. These configuration files contain JWT tokens used to authenticate users and other subscription information. Once tokens are stolen from one host, they can be used to impersonate the user from a...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2024/05/22 12:0 a.m.441 views

AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AVideo WWBNIndex Plugin Unauthenticated RCE', 'Description' = %q This module exploits an unauthenticated remote code execution RCE vulnerability ...

7.1AI score0.15635EPSS
Exploits6
Veracode
Veracode
added 2024/04/26 10:11 a.m.18 views

Double Evaluation

vyper is vulnerable to Double Evaluation. The vulnerability is due to the buildIR function of the sqrt builtin not caching the argument to the stack, allowing for multiple evaluations when the argument has side-effects...

5.3CVSS6.8AI score0.00451EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/04/25 7:51 p.m.32 views

GHSA-R56X-J438-VW5M vyper performs double eval of the slice start/length args in certain cases

Summary Using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects. A contract search was performed and no vulnerable contracts were found in production. Having...

5.3CVSS5.4AI score0.00451EPSS
Exploits0References5
OSV
OSV
added 2024/04/25 7:50 p.m.20 views

GHSA-3WHQ-64Q2-QFJ6 vyper performs double eval of raw_args in create_from_blueprint

Summary Using the createfromblueprint builtin can result in a double eval vulnerability when rawargs=True and the args argument has side-effects. A contract search was performed and no vulnerable contracts were found in production. In particular, the rawargs variant of createfromblueprint was not...

5.3CVSS5.2AI score0.00451EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/04/25 7:50 p.m.22 views

vyper performs double eval of raw_args in create_from_blueprint

Summary Using the createfromblueprint builtin can result in a double eval vulnerability when rawargs=True and the args argument has side-effects. A contract search was performed and no vulnerable contracts were found in production. In particular, the rawargs variant of createfromblueprint was not...

5.3CVSS5.3AI score0.00451EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/04/25 7:50 p.m.16 views

GHSA-5JRJ-52X8-M64H vyper performs multiple eval of `sqrt()` argument built in

Summary Using the sqrt builtin can result in multiple eval evaluation of side effects when the argument has side-effects. The bug is more difficult but not impossible! to trigger as of 0.3.4, when the unique symbol fence was introduced https://github.com/vyperlang/vyper/pull/2914. A contract sear...

5.3CVSS5.3AI score0.00451EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/04/25 7:50 p.m.46 views

vyper performs multiple eval of `sqrt()` argument built in

Summary Using the sqrt builtin can result in multiple eval evaluation of side effects when the argument has side-effects. The bug is more difficult but not impossible! to trigger as of 0.3.4, when the unique symbol fence was introduced https://github.com/vyperlang/vyper/pull/2914. A contract sear...

5.3CVSS5.4AI score0.00451EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/04/25 6:15 p.m.46 views

CVE-2024-32649

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the sqrt builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the buildIR function of the sqrt builtin doesn't cache the argument to...

5.3CVSS5.3AI score0.00451EPSS
Exploits0References1
PyPA
PyPA
added 2024/04/25 6:15 p.m.8 views

PYSEC-2024-209

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the sqrt builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the buildIR function of the sqrt builtin doesn't cache the argument to...

5.3CVSS7AI score0.00451EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2024/04/25 6:15 p.m.9 views

PYSEC-2024-208

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the createfromblueprint builtin can result in a double eval vulnerability when rawargs=True and the args argument has side-effects. It can be seen that the buildcreateIR function of t...

5.3CVSS7AI score0.00451EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/04/25 6:15 p.m.31 views

CVE-2024-32647

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the createfromblueprint builtin can result in a double eval vulnerability when rawargs=True and the args argument has side-effects. It can be seen that the buildcreateIR function of t...

5.3CVSS5.3AI score0.00451EPSS
Exploits0References2
NVD
NVD
added 2024/04/25 6:15 p.m.42 views

CVE-2024-32646

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects...

5.3CVSS5.5AI score0.00451EPSS
Exploits0References1
PyPA
PyPA
added 2024/04/25 6:15 p.m.10 views

PYSEC-2024-207

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or .code and either the start or length arguments have side-effects...

5.3CVSS7.1AI score0.00451EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/04/25 5:53 p.m.41 views

CVE-2024-32649 vyper performs double eval of the argument of sqrt

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the sqrt builtin can result in double eval vulnerability when the argument has side-effects. It can be seen that the buildIR function of the sqrt builtin doesn't cache the argument to...

5.3CVSS5.6AI score0.00451EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/25 5:41 p.m.17 views

CVE-2024-32647 vyper performs double eval of raw_args in create_from_blueprint

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the createfromblueprint builtin can result in a double eval vulnerability when rawargs=True and the args argument has side-effects. It can be seen that the buildcreateIR function of t...

5.3CVSS6.8AI score0.00451EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/25 5:41 p.m.29 views

CVE-2024-32647 vyper performs double eval of raw_args in create_from_blueprint

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the createfromblueprint builtin can result in a double eval vulnerability when rawargs=True and the args argument has side-effects. It can be seen that the buildcreateIR function of t...

5.3CVSS5.6AI score0.00451EPSS
Exploits0References2
CVE
CVE
added 2024/04/25 5:41 p.m.65 views

CVE-2024-32647

Vyper vulnerability CVE-2024-32647 concerns the create_from_blueprint builtin prior to version 0.3.11. The root cause is that the _build_create_IR path does not cache the args parameter on the stack when raw_args=True and args have side-effects, allowing the argument to be evaluated multiple time...

5.3CVSS6.8AI score0.00451EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder