2121 matches found
Reflected XSS on conversion filter function
Description Fava v1.22 have a conversion filter function on income statement dashboard which allow user to perform XSS due to improper validation on filter conversion. Proof of Concept 1 Navigate to Fava demo instance https://fava.pythonanywhere.com/example-beancount-file/incomestatement/. 2 Filt...
Caller can receive liquidatorCut without transferring underlying when calling payBase()
Lines of code Vulnerability details Impact If baseJoin's available balance is greater than callers' amount no underlying will be transferred but caller still gets liquidatorCut. This may also negatively impact the accounting since its updated under the assumption that the caller will transfer...
Unsafe _price cast
Lines of code Vulnerability details Impact The price provided by chainlink AggregatorV3 could be a negative, if that happend the cast of the price goes high, in example, cast -1 to uint256 was 2256 - 1 Proof of Concept return uint256price.adjustDecimalsfeedDecimals, decimals; Tools Used Manual...
The vulnerability of the log_statement_ex method (plugin/server_audit/server_audit.c) of the MariaDB database management system allows a hacker to cause a service failure.
The vulnerability of the logstatementex method in the MariaDB database management system’s plugin/serveraudit/serveraudit.c file is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause service failures...
Overpaying ETH in InfinityExchange
Lines of code Vulnerability details Impact A user of the InfinityExchange contract can accidentally send more ETH than needed without the possibility to get the overpaid amount refunded. Proof of Concept if isMakerSeller && currency == address0 requiremsg.value = totalPrice, 'invalid total price'...
Amodat Mobile Application Gateway SQL Injection Vulnerability
Amodat Mobile Application Gateway, a mobile application gateway from Amodat Israel, is vulnerable to a SQL injection vulnerability in versions prior to 7.12.00.09, which stems from a lack of validation of external input by agentid SQL statement validation. An attacker could use this vulnerability...
EulerOS 2.0 SP9 : cyrus-sasl (EulerOS-SA-2022-1835)
According to the versions of the cyrus-sasl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...
Online Ordering System SQL Injection Vulnerability (CNVD-2022-55718)
Online Ordering System is a multi-store ordering system that can be used by any small business. SQL statement validation, which can be exploited to execute illegal SQL commands to steal sensitive database data...
CVE-2022-32275
Grafana 8.4.3 allows reading files via for example a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content...
user can pay alot of money with out getting his tokens
Lines of code Vulnerability details lockveasset function: lockveasset functoin should do some transfer but if that dosnt happen then user can can loose alot of money and if incentiveveasset is 0 because the check is 0 and if statment will not pass and the minting will not happen and your not goin...
mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries
MariaDB through 10.5.9 allows a setvar.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery...
CSCMS Music Portal System SQL Injection Vulnerability (CNVD-2022-45396)
CSCMS Music Portal System is a diversified content management system of China Chong Sheng Network Technology CSCMS Company. CSCMS Music Portal System suffers from a SQL injection vulnerability that originates from the lack of validation of the id parameter of /admin.php/pic/admin/type/hy against...
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex the held lock lock_bigbuffer is not released correctly which allows local users to trigger a denial of service due to the deadlock.
...
Denial Of Service (DoS)
mariadb is vulnerable to denial of service. An attacker can crash the application through the subselect::initexprcachetracker of the library by providing a specially crafted SQL statement...
EulerOS 2.0 SP3 : cyrus-sasl (EulerOS-SA-2022-1712)
According to the versions of the cyrus-sasl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...
EulerOS 2.0 SP3 : mariadb (EulerOS-SA-2022-1746)
According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - MariaDB through 10.5.9 allows an application crash in findfieldintables and findorderinlist via an unused common table expression CTE...
ALPINE-CVE-2022-31624
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/serveraudit/serveraudit.c method logstatementex, the held lock lockbigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock...
DEBIAN-CVE-2022-31624
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/serveraudit/serveraudit.c method logstatementex, the held lock lockbigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock...
CVE-2022-31624
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/serveraudit/serveraudit.c method logstatementex, the held lock lockbigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock...
Design/Logic Flaw
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/serveraudit/serveraudit.c method logstatementex, the held lock lockbigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock...