19 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-3541

Malware in sbrugna...

CVSS 3.5 | AI score 6.3 | EPSS 0.00273
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-46167

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.4 | EPSS 0.00402
Exploits: 0 | References: 1
Openbugbounty
added 2024/04/09 11:15 a.m. | 6 views

id-wad.ru Cross Site Scripting vulnerability OBB-3912117

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
OSV
added 2023/10/10 5:15 p.m. | 1 views

CVE-2023-41675

A use after free vulnerability CWE-416 in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching pro...

CVSS 5.3 | AI score 5.8 | EPSS 0.00402
Exploits: 0 | References: 1
NVD
added 2023/10/10 5:15 p.m. | 12 views

CVE-2023-41675

A use after free vulnerability CWE-416 in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching pro...

CVSS 5.3 | AI score 5.8 | EPSS 0.00402
Exploits: 0 | References: 1
Cvelist
added 2023/10/10 4:49 p.m. | 12 views

CVE-2023-41675

A use after free vulnerability CWE-416 in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching pro...

CVSS 5.3 | AI score 5.7 | EPSS 0.00402
Exploits: 0 | References: 1
CNNVD
added 2023/10/10 12:0 a.m. | 1 views

Fortinet FortiOS and FortiProxy Resource Management Error Vulnerability

Fortinet FortiOS and Fortinet FortiProxy are both products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content...

CVSS 5.3 | AI score 6.8 | EPSS 0.00402
Exploits: 0 | References: 3
Positive Technologies
added 2023/10/10 12:0 a.m. | 1 views

PT-2023-6002 · Fortinet · Fortiproxy +1

Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.0.0 through 7.0.10 FortiOS versions 7.2.0 through 7.2.4 FortiProxy versions 7.0.0 through 7.0.8 FortiProxy versions 7.2.0 through 7.2.2 Description: A use after free vulnerability in FortiOS and FortiProxy may allow an...

CVSS 10 | AI score 5.4 | EPSS 0.00402
Exploits: 0 | References: 7
Snyk
added 2022/06/23 9:26 a.m. | 3 views

Malicious Package

Overview wad-workshop-starter is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS 9.8 | AI score 7
Exploits: 0 | References: 3
OSSF Malicious Packages
added 2022/06/22 10:12 a.m. | 2 views

Malicious code in wad-workshop-starter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b52731d8d5da8ee84613a13cbe9af2b0c7ad22280e6b81e461977257d682892 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
Fortinet
added 2022/02/01 12:0 a.m. | 18 views

FortiWeb - OS command injection due to unsafe input validation function

An improper neutralization of special elements used in an OS command vulnerability 'OS Command Injection' CWE-78 in FortiWeb may allow authenticated users to execute unauthorized code or commands via crafted HTTP GET requests to WAD configuration handlers...

CVSS 9 | AI score 8.5 | EPSS 0.0047
Exploits: 0 | Affected Software: 1
Code423n4
added 2021/10/13 12:0 a.m. | 16 views

Wrong keeper reward computation

Handle cmichel Vulnerability details The PoolKeeper.keeperReward computation mixes WADs and Quads which leads to issues. 1. Note that keeperTip returns values where 1 = 1%, and 100 = 100%, the same way BASETIP = 5 = 5%. Thus tipPercent = ABDKMathQuad.fromUIntkeeperTip is a Quad value of this keep...

AI score 6.8
Exploits: 0
Code423n4
added 2021/09/29 12:0 a.m. | 3 views

Incorrect usage of _pow in _computeSingleOutGivenPoolIn of IndexPool

Handle broccoli Vulnerability details Impact The computeSingleOutGivenPoolIn function of IndexPool uses the pow function to calculate tokenOutRatio with the exponent in WAD i.e., in 18 decimals of precision. However, the pow function assumes that the given exponent n is not in WAD. for example,...

AI score 7.1
Exploits: 0
Hacker One
added 2019/08/18 1:18 a.m. | 25 views

Valve: [GoldSrc] Remote Code Execution using malicious WAD list in BSP file

Summary TEXInitFromWad function calls COMFileBase to get file name from a path into a buffer on the stack. Since COMFileBase does not have boundary checks and the buffer is small, long WAD file name can trigger a Stack Buffer Overflow, leading to arbitrary code execution. Steps to reproduce...

AI score 2.8
Exploits: 0
Packet Storm
added 2016/10/13 12:0 a.m. | 16 views

Categorizator 0.3.1 SQL Injection

Exploit Title: Categorizator 0.3.1 | SQL Injection Date: 03/09/16 Exploit Author: Wad Deek Vendor Homepage: http://lelogiciellibre.net/telecharger/annuaire-web.php Software Link: ftp://ftp2.lelogiciellibre.net/lelogiciellibre/annu/categorizator031.zip Version: 0.3.1 Tested on: Xampp on Windows7...

AI score 0.2
Exploits: 0
Tenable Nessus
added 2015/09/02 12:0 a.m. | 21 views

Fortinet FortiOS 5.0.x < 5.0.1 Multiple DoS

The remote host is running a version of Fortinet FortiOS 5.0.x prior to 5.0.1. It is, therefore, affected by multiple denial of service vulnerabilities : - A flaw exists related to the handling of SSH traffic. An unauthenticated, remote attacker can exploit this to crash the proxyworker service. ...

AI score 5.6
Exploits: 0 | References: 1
exploitpack
added 2015/05/18 12:0 a.m. | 15 views

Chronosite 5.12 - SQL Injection

Chronosite 5.12 - SQL Injection Exploit Title: Chronosite 5.12 SQL Injection Google Dork: filetype:php inurl:"/archives.php" intext:"ARCHIVES Chrono-site" Date: 13/05/15 Exploit Author: Wad Deek Vendor Homepage: http://www.chronosite.org/ Software Link:...

AI score 0.1
Exploits: 0
Exploit DB
added 2015/05/18 12:0 a.m. | 18 views

Chronosite 5.12 - SQL Injection

Exploit Title: Chronosite 5.12 SQL Injection Google Dork: filetype:php inurl:"/archives.php" intext:"ARCHIVES Chrono-site" Date: 13/05/15 Exploit Author: Wad Deek Vendor Homepage: http://www.chronosite.org/ Software Link: http://www.chronosite.org/chronoupload/chronosite512.zip Version: 5.12 Test...

AI score 7.4
Exploits: 0
CVE
added 2014/08/06 7:0 p.m. | 56 views

CVE-2014-3559

The CVE affects Red Hat Enterprise Virtualization (oVirt storage backend). Root cause: memory snapshots are not wiped on VM deletion, even with wipe-after-delete enabled, allowing remote authenticated users to read portions of a VM’s memory from an uninitialized storage volume. Impact per provide...

CVSS 3.5 | AI score 6 | EPSS 0.00273
Exploits: 0 | References: 4 | Affected Software: 1