13 matches found
CVE-2023-7345 Ledger Live hw-app-eth EIP-712 Message Parsing Integer Truncation
Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting incorrect hexadecimal field parsing when values contain an odd number of characters. Attackers can...
CVE-1999-0707
The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization...
PT-2024-16444 · Google · Google Quickshare
Name of the Vulnerable Software and Affected Versions: Google Quick Share Windows versions prior to 1.0.2002.2; Google Quick Share commit prior to 5d8b9156e0c339d82d3dab0849187e8819ad92c0. Description: An authentication bypass exists in Google Quick Share, allowing an attacker to upload an unknown...
CVE-2023-47035
RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations...
PT-2024-13404 · Rptc · Rptc
Name of the Vulnerable Software and Affected Versions: RPTC version 0x3b08c. Description: The issue is related to the lack of status checks on the tradingOpen parameter, which can be exploited by attackers to conduct unauthorized transfer operations. Recommendations: For RPTC version 0x3b08c,...
Allowance manipulation in UserEscrow struct leads to unauthorized token transfers due to overreliance on maximum allowance check
Summary: The UserEscrow smart contract contains a vulnerability that can possibly allow unauthorized users to transfer tokens out of the contract. Specifically, an attacker can exploit this flaw by manipulating the allowances, thus enabling them to bypass the...
Malicious RestrictionManager can be used to verify Tranche Members
Vulnerability details: The ability to file a new Restriction Manager after deployment can actually be utilized by a rogue ward to deploy a malicious version of the RestrictionManager that implements almost the same thing as the originals, but just tweaked to return the SUCCESSMESSAGE...
CVE-2020-9411
The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This...
bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable
It was found that the controls for zone transfer were not properly applied to Dynamically Loadable Zones (DLZs). An attacker acting as a DNS client could use this flaw to request and receive a zone transfer of a DLZ even when not permitted to do so by the "allow-transfer" ACL...
FuturXE has an unspecified vulnerability
FuturXE (FXE) is an Ethereum-based virtual currency. A security vulnerability exists in the 'transferFrom' function of the smart contract implementation in FXE, which stems from a logic error in the program. An attacker could exploit the vulnerability to make an unauthorized transfer of digital...
Weak Password Vulnerability in Some Interfaces of China Mobile's Mobile Client
China Mobile Mobile Client is a mobile application launched by China Mobile. A weak password vulnerability exists in some interfaces of the China Mobile mobile client. Since the post data is obtained by reversing the APK using "Eastern=! @$%^&=World" as the password, using 3DES encryption, no...
Cybercrime Hit Businesses Hardest in 2015, says IC3 Report
Businesses were hit hardest by inbox-based scams in 2015 that robbed U.S. companies of $263 million. The numbers come from the FBI’s recently released 2015 Internet Crime Report that tallies the types of cybercrimes hitting U.S. businesses and individuals the hardest. According to the FBI, its...
FBI Warns of Massive Wire Fraud Scams
The FBI is warning businesses about an ongoing spate of attacks that are stealing millions of dollars from companies through unauthorized bank transfers to Chinese companies. The fraudulent wire transfers are not a new tactic, but the FBI says the current round of attacks is notable in that...