Lucene search
K

203 matches found

Code423n4
Code423n4
added 2021/10/27 12:0 a.m.9 views

Lack of data validation in update function

Handle Koustre Vulnerability details Impact There is no data validation of the data input into update function in MochiCSSRv0.sol. Allowing anyone to set the price of any non ERC20 token that is not a bluechip asset DAI, WETH, ETH, etc. Proof of Concept Provide direct links to all referenced code...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/10/25 12:0 a.m.7 views

feePool is vulnerable to sandwich attack.

Handle jonah1005 Vulnerability details Impact There's a permissionless function distributeMochi in FeePoolV0. Since everyone can trigger this function, an attacker can launch a sandwich attack with flashloan to steal the funds. FeePoolV0.solL55-L62 The devs have mentioned this concern in the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/07/21 12:0 a.m.7 views

Unnecessary/Incorrect onlyDAO modifier could be an indication of missing access control

Handle 0xRajeev Vulnerability details Impact Unnecessary/incorrect access control modifier is typically an indication of missing critical authorization checks. The onlyDAO modifier used in various protocol contracts is present in synthFactory.sol but used only in the purgeDeployer which sets...

7AI score
Exploits0
HackRead
HackRead
added 2021/06/15 7:0 p.m.27 views

Revil ransomware gang claims breaching US nuclear weapons contractor

By Deeba Ahmed The REvil ransomware gang have said that they will auction the data belonging to Sol Oriens, a US-based nuclear weapons contractor. This is a post from HackRead.com Read the original post: Revil ransomware gang claims breaching US nuclear weapons contractor...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2021/06/11 6:16 p.m.222 views

REvil Hits US Nuclear Weapons Contractor: Report

Sol Oriens, a subcontractor for the U.S. Department of Energy DOE that works on nuclear weapons with the National Nuclear Security Administration NNSA, last month was hit by a cyberattack that experts say came from the relentless REvil ransomware-as-a-service RaaS gang. The Albuquerque, N.M...

7.2AI score
Exploits0References20
Code423n4
Code423n4
added 2021/05/30 12:0 a.m.12 views

Witch can't give back vault after 2x grab

Handle gpersoon Vulnerability details Impact The witch.sol contract gets access to a vault via the grab function, in case of liquidation. If the witch.sol contract can't sell the debt within a certain amount of time, a second grab can occur. After the second grab, the information of the original...

6.8AI score
Exploits0
Cvelist
Cvelist
added 2021/04/06 5:2 a.m.18 views

CVE-2021-28205 ASUS BMC's firmware: path traversal - Delete SOL video file function

The specific function in ASUS BMC’s firmware Web management page Delete SOL video file function does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files...

4.9CVSS5.5AI score0.01903EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/04/06 12:0 a.m.6 views

ASUS BMC Firmware 路径遍历漏洞

ASUS BMC Firmware is a firmware from Asus China. A path traversal vulnerability exists in the ASUS BMC Firmware Web management page, which stems from the Delete SOL video file function not filtering specific parameters. A remote attacker could use this vulnerability to gain administrator privileg...

6.8CVSS5.7AI score0.01903EPSS
Exploits0References3
OSV
OSV
added 2020/11/29 1:15 a.m.3 views

CVE-2020-29380

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a...

5.9CVSS6.2AI score0.00474EPSS
Exploits0References1
OSV
OSV
added 2020/11/29 1:15 a.m.5 views

CVE-2020-29383

An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded RSA private key specific to V1600D4L and V1600D-MINI is contained in the firmware images...

7.8CVSS7.1AI score0.00271EPSS
Exploits0References1
NVD
NVD
added 2020/11/29 1:15 a.m.22 views

CVE-2020-29378

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user to full administrative access by using the password !j@ly$z%x6x7q8c9z for the...

9CVSS8.8AI score0.01075EPSS
Exploits0References1
NVD
NVD
added 2020/11/29 1:15 a.m.27 views

CVE-2020-29383

An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded RSA private key specific to V1600D4L and V1600D-MINI is contained in the firmware images...

7.8CVSS7.6AI score0.00271EPSS
Exploits0References1
NVD
NVD
added 2020/11/29 1:15 a.m.33 views

CVE-2020-29380

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a...

5.9CVSS5.7AI score0.00474EPSS
Exploits0References1
NVD
NVD
added 2020/11/29 1:15 a.m.14 views

CVE-2020-29379

An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access...

5.5CVSS5.7AI score0.0032EPSS
Exploits1References1
OSV
OSV
added 2020/11/29 1:15 a.m.4 views

CVE-2020-29382

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key specific to V1600D, V1600G1, and V1600G2 is contained in the firmware images...

7.8CVSS7.1AI score0.00326EPSS
Exploits1References1
NVD
NVD
added 2020/11/29 1:15 a.m.26 views

CVE-2020-29382

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key specific to V1600D, V1600G1, and V1600G2 is contained in the firmware images...

7.8CVSS7.6AI score0.00326EPSS
Exploits1References1
NVD
NVD
added 2020/11/29 1:15 a.m.27 views

CVE-2020-29381

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename...

10CVSS9.5AI score0.02321EPSS
Exploits0References1
OSV
OSV
added 2020/11/29 1:15 a.m.3 views

CVE-2020-29379

An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access...

5.5CVSS6.1AI score0.0032EPSS
Exploits1References1
NVD
NVD
added 2020/11/29 1:15 a.m.24 views

CVE-2020-29375

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged non-admin attacker can use a hardcoded password 4ef9cea10b2362f15ba4558b1d5c081f to create an admin user...

8.8CVSS8.7AI score0.00799EPSS
Exploits0References1
NVD
NVD
added 2020/11/29 1:15 a.m.17 views

CVE-2020-29376

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. There is an !j@ly$z%x6x7q8c9z password for the admin account to authenticate to the TELNET service...

9.8CVSS9.6AI score0.01108EPSS
Exploits1References1
Rows per page
Query Builder