Unchecked return value for token.transferFrom call

Handle WatchPug Vulnerability details It is usually good to add a require-statement that checks the return value or to use something like safeTransferFrom; unless one is sure the given token reverts in case of a failure. /// ... /// @param token Token that will be issued through this launch event...

Unchecked return value for token.transfer call

Handle WatchPug Vulnerability details It is usually good to add a require-statement that checks the return value or to use something like safeTransfer; unless one is sure the given token reverts in case of a failure. Instances include: token.transfermsg.sender, amount; token.transfermsg.sender,...

WordPress RegistrationMagic V 5.0.1.5 Plugin- SQL Injection Exploit

Exploit Title: WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection Authenticated Date 23.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://registrationmagic.com/ Software Link:...

WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection (Authenticated)

Exploit Title: WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection Authenticated Date 23.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://registrationmagic.com/ Software Link:...

CVE-2022-23968

Xerox VersaLink devices on specific versions of firmware before 2022-01-26 allow remote attackers to brick the device via a crafted TIFF file in an unauthenticated HTTP POST request. There is a permanent denial of service because image parsing causes a reboot, but image parsing is restarted as so...

VulnCheck KEV: CVE-2017-14723

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb-prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks...

CVE-2021-46340

There is an Assertion 'contextp-stacktopuint8 == SCANSTACKTRYSTATEMENT || contextp-stacktopuint8 == SCANSTACKCATCHSTATEMENT' failed at /parser/js/js-scanner.cscannerscanstatementend in JerryScript 3.0.0...

UBUNTU-CVE-2021-46340

There is an Assertion 'contextp-stacktopuint8 == SCANSTACKTRYSTATEMENT || contextp-stacktopuint8 == SCANSTACKCATCHSTATEMENT' failed at /parser/js/js-scanner.cscannerscanstatementend in JerryScript 3.0.0...

CVE-2021-46340

There is an Assertion 'contextp-stacktopuint8 == SCANSTACKTRYSTATEMENT || contextp-stacktopuint8 == SCANSTACKCATCHSTATEMENT' failed at /parser/js/js-scanner.cscannerscanstatementend in JerryScript 3.0.0...

JerryScript 安全漏洞

JerryScript, a lightweight JavaScript engine from the JerryScript project, has a security vulnerability in JerryScript 3.0.0, which stems from /parser/js/js-scanner.cscannerscan statementend has an assertion contextp-stacktopuint8 == SCANSTACKTRYSTATEMENT || contextp-stacktopuint8 ==...

Cybercriminals’ friend VPNLab.net shut down by law enforcement

Europol has announced that law enforcement has seized or disrupted the 15 servers that hosted VPNLab.net’s service, rendering it no longer available. Led by the Central Criminal Office of the Hannover Police Department in Germany, the coordinated operation took place in Germany itself, the...

Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection

The plugin does not escape the discountcode in one of its REST route available to unauthenticated users before using it in a SQL statement, leading to a SQL injection PoC https://example.com/?restroute=/pmpro/v1/checkoutlevelid=3code=%27%20%20union%20select%20sleep1%20--%20g...

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."

...

Sql injection

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are...

CVE-2021-45952

Dnsmasq 2.86 has a heap-based buffer overflow in dhcpreply called from dhcppacket and FuzzDhcp. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge...

SolarWinds Network Performance Monitor SendSyslog Exposed Dangerous Function Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SendSyslog class. This class allows a crafted user-supplied string t...

Unchecked return value for token.transfer call

Handle WatchPug Vulnerability details It is usually good to add a require-statement that checks the return value or to use something like safeTransfer; unless one is sure the given token reverts in case of a failure. Instances include: IERC20Upgradeablevault.transferto, minTokenIn-amountToken;...

Design/Logic Flaw

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."...

CVE-2021-34141

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."...

CVE-2021-24863 StopBadBots < 6.67 - Unauthenticated SQL Injection

The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection...