9 matches found
📄 Citrix Bleed 2 PHP Mass Scanner
This is a high-speed mass-scanner written in PHP designed to test for data leakage through the CitrixBleed2 InitialValue extraction issue. The tool reproduces the functionality of the original Bash/Parallel scanner but works in restricted PHP environments...
SUSE CVE-2019-9792
The IonMonkey just-in-time JIT compiler can leak an internal JSOPTIMIZEDOUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird...
TokenggAVAX share price manipulation
Lines of code Vulnerability details Impact Reporting this issue as medium severity as a leak of value. Solmate's ERC4626 convertToShares calculates shares as assets totalSupply / totalAssets. It is possible to exploit this function by depositing 1 wei of asset in exchange 1 share totalSupply = 1...
buyQuote should be rounded up
Lines of code Vulnerability details Impact The buyQuote is not rounded up, which can cause a leak of value, due to the buyQuote being underestimated. Proof of Concept The function Pair.buyQuote does not round up, which can cause the issue described under Impact: function buyQuoteuint256...
SUSE-SU-2022:3941-1 Security update for xwayland
This update for xwayland fixes the following issues: - CVE-2022-3550: Fixed out of bounds read/write in GetCountedString bsc1204412. - CVE-2022-3551: Fixed various leaks of the return value of GetComponentSpec bsc1204416...
MED: leak of value when interacting with an ERC721 enforcer contract
Lines of code Vulnerability details Description HolographERC721.sol is an enforcer of the ERC721 standard. In its fallback function, it calls the actual implementation in order to handle additional logic. If Holographer is called with no calldata and some msg.value, the call will reach the receiv...
User can refer themselves
Lines of code Vulnerability details Impact User can refer themselves when collect in any CollectModule that collect fee. The will lead to value leak as user can always refer themselves to receive a referral fee as discount. Proof of Concept Recommended Mitigation Steps Check if referrer ==...
Spidermonkey IonMonkey JS_OPTIMIZED_OUT Value Leak Exploit
Spidermonkey IonMonkey can, during a bailout, leak an internal JSOPTIMIZEDOUT magic value to the running script. This magic value can then be used to achieve memory corruption. Spidermonkey: IonMonkey leaks JSOPTIMIZEDOUT magic value to script Related CVE Numbers: CVE-2019-9792. TURN ON "CODE...
Spidermonkey IonMonkey JS_OPTIMIZED_OUT Value Leak
Spidermonkey: IonMonkey leaks JSOPTIMIZEDOUT magic value to script Related CVE Numbers: CVE-2019-9792. TURN ON "CODE FONT" IN THE TOP RIGHT TO CORRECTLY SEE THE CFGs! IonMonkey can, during a bailout, leak an internal JSOPTIMIZEDOUT magic value to the running script. This magic value can then be...