CNote balance can be affected by griefing attack

Lines of code Vulnerability details Functions borrowFresh, repayBorrowFresh, mintFresh, redeemFresh require CNote balance to be strictly zero, reverting unconditionally otherwise. However, as CNote is ERC20 with usual transfer functionality, anyone can send a cNote tokens to the contract itself,...

Malicious code in omm-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9b77b7e73dde625c8bf9d9f21a73f6fd520dbb22c846db32bf17cfdd324c3da9 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

MAL-2022-5066 Malicious code in omm-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9b77b7e73dde625c8bf9d9f21a73f6fd520dbb22c846db32bf17cfdd324c3da9 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

CVE-2022-2125

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2...

Reflected XSS on /editor_tools/module

Description Reflected XSS with filter bypass on /editortools/module using type= parameter. Proof of Concept https://demo.microweber.org/demo/editortools/module?type="alert"xss" The value of the "type" parameter is injected into the source code of the page at line 38. Since the value of the "type"...

Heap-based Buffer Overflow in function get_lisp_indent

Description Heap-based Buffer Overflow in function getlispindent at indent.c:1994 vim version git log commit 83497f875881973df772cc4cc593766345df6c4a HEAD - master, tag: v8.2.5105, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pochbo2s.dat -...

MAL-2022-4780 Malicious code in nab-packages-react-utils-nab (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8120362995adcf1dfb405249ecc06115b8f7bd48d9d3a2e81c3b601830d66c9e Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

Shopify: Production Key and Data Found on Subdomain No Longer Operated by Shopify / Dangling DNS

The production key and data were found on a subdomain no longer operated by Shopify. The subdomain was pointing to an IP address that did not belong to Shopify. The DNS record for the subdomain was removed, but no Shopify services were impacted...

CVE-2022-29597

Solutions Atlantic Regulatory Reporting System RRS v500 is vulnerable to Local File Inclusion LFI. Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the...

Code injection

Solutions Atlantic Regulatory Reporting System RRS v500 is vulnerable to Local File Inclusion LFI. Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the...

CVE-2022-29597

CVE-2022-29597 affects Solutions Atlantic Regulatory Reporting System (RRS) v500. It exposes a Local File Inclusion (LFI) vulnerability via the ShowDocument/ShowDocument.aspx page, where an authenticated user can abuse the fileName parameter to reference internal system files (eg. web.config) and...

CVE-2022-29597

Solutions Atlantic Regulatory Reporting System RRS v500 is vulnerable to Local File Inclusion LFI. Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the...

Phoenix-ws source code and data in extensions folder is publicly available

Impact All of the source code, files, and folders in phoenixfiles/extensions/ are available to end users through a simple HTTP GET request. Patches The issue has been patched. The users of version 1.0.6 and above are not effected...

GHSA-C8F7-X2G7-7FXJ Phoenix-ws source code and data in extensions folder is publicly available

Impact All of the source code, files, and folders in phoenixfiles/extensions/ are available to end users through a simple HTTP GET request. Patches The issue has been patched. The users of version 1.0.6 and above are not effected...

Product Show Room Site 1.0 Cross Site Scripting

Product Show Room Site - 'Telephone' Stored Cross-Site ScriptingXSS Exploit Title: Product Show Room Site - 'Telephone' Stored Cross-Site ScriptingXSS Exploit Author: [email protected] inc Vendor Homepage:...

Exploit for OS Command Injection in Siemens Brownfield_Connectivity_Gateway

PoC exploit for CVE-2022-1292, an OpenSSL crehash vulnerability...

Ingredient Stock Management System 1.0 Account Takeover

Exploit Title: Ingredient Stock Management System v1.0 - Account Takeover Unauthenticated Date: 28/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

How Secrets Lurking in Source Code Lead to Major Breaches

If one word could sum up the 2021 infosecurity year well, actually three, it would be these: "supply chain attack". A software supply chain attack happens when hackers manipulate the code in third-party software components to compromise the 'downstream' applications that use them. In 2021, we hav...

New Linux-Based Ransomware Cheerscrypt Targeting ESXi Devices Linked to Leaked Babuk Source Code

New findings showed that Cheerscrypt, a new Linux-based ransomware variant that compromises ESXi servers, was derived from the leaked Babuk source code. We discuss our analysis in this report...

Dolibarr CRM allows Privilege Escalation

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...