9 matches found
Exploit for CVE-2024-9926
wordpress-jetpack-broken-access-control-vulnerable-application...
Exploit for Unrestricted Upload of File with Dangerous Type in Git
CVE-2024-32002 PoC 1. You must set up the git's symbolic link...
Online Security Guards Hiring System 1.0 Cross Site Scripting
Exploit Title: Online Security Guards Hiring System 1.0 – REFLECTED XSS Google Dork : NA Date: 23-01-2023 Exploit Author : AFFAN AHMED Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/projects/Online-Security-Guard-Hiring-SystemPHP.zip Version: 1.0 Tested on: Windows ...
Reentrancy guard in rageQuit() can be bypassed
Lines of code Vulnerability details Reentrancy guard in rageQuit can be bypassed The reentrancy guard present in the rageQuit function can be bypassed by host accounts, leading to reentrancy attack vectors and loss of funds. Impact The new rageQuit function can be used by party members to exit...
PartyGovernanceNFT.sol: burn function does not reduce totalVotingPower making it impossible to reach unanimous votes
Lines of code Vulnerability details Impact With the new version of the Party protocol the PartyGovernanceNFT.burn function has been introduced. This function is used to burn party cards. According to the sponsor the initial purpose of this function was to enable the InitialETHCrowdfund contract t...
TokenggAVAX share price manipulation
Lines of code Vulnerability details Impact Reporting this issue as medium severity as a leak of value. Solmate's ERC4626 convertToShares calculates shares as assets totalSupply / totalAssets. It is possible to exploit this function by depositing 1 wei of asset in exchange 1 share totalSupply = 1...
Add reward token existence check in order to avoid user reward lost.
Lines of code Vulnerability details Impact The user can lost his rewards if the reward token is removed from the producerTokensproducerToken.rewardTokens list. If the reward token is removed, the rewardToken length is going to be zero, the user rewards going to be zero and the for statement will...
MAL-2022-5528 Malicious code in purple_team_midway_teste_cenario_1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0da74d83112d47ea6bda3eedd0cb4f78fb0fd300a9e57fc9bb567c4e97e8c320 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
See my how-to the Apache fuzzing and dig to a value of 1500 knife of vulnerability-vulnerability warning-the black bar safety net
Target In the AFL in the view of the Apache httpd server's crash logs, I found a lot of problems. For example, some crash testing with example in fuzz testing tools internal collapse, but also affect the test program stability. In this article, I will talk to you to explain the test case to crash...