#git

Human Resource Management System 2024 version 1.0 suffers from a remote SQL injection vulnerability.

Jasmin Ransomware version 1.1 suffers from an arbitrary file read vulnerability.

A remote code execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.

**Name**: ASA-2024-007: Potential Reentrancy using Timeout Callbacks in ibc-hooks **Component**: ibc-go **Criticality**: Critical ([ACMv1](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md): I:Critical; L:AlmostCertain) **Affected versions**: < v4.6.0, < v5.4.0, < v6.3.0, < v7.4.0, < v8.2.0 **Affected users**: Chain Builders + Maintainers # Summary Through the deployment and subsequent use of a malicious CosmWasm contract via IBC interactions, an attacker could potentially execute the same `MsgTimeout` inside the IBC hook for the `OnTimeout` callback before the packet commitment is deleted. On chains where ibc-hooks wraps ICS-20, this vulnerability may allow for the logic of the `OnTimeout` callback of the transfer application to be recursively executed, leading to a condition that may present the opportunity for the loss of funds from the escrow account or unexpected minting of tokens. # Affected Configurations Chains which satisfy all of the fo...

**Summary** The absence of restrictions on the endpoint, which allows you to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution. **Details** Vulnerable endpoint: POST /files **PoC** 1. Create a file distribution. <img width="1434" alt="Снимок экрана 2024-03-17 в 21 27 30" src="https://github.com/psi-4ward/psitransfer/assets/163760990/4634a6f7-6e7d-486e-9929-76156aaa1340"> 2. Go to the link address (id of the file distribution is needed by an attacker to upload files there). <img width="1426" alt="Снимок экрана 2024-03-17 в 21 27 35" src="https://github.com/psi-4ward/psitransfer/assets/163760990/a57c910c-69e2-4b07-985d-b0a46c69891a"> 3. Send a POST /files. As the value of the Upload-Metadata header we specify the sid parameter with the id of the file distribution obtained in the second step. In the response from the server in the Location header we get the path for uploading a new file to the file distribution. <i...

By Uzair Amir The partnership will bring millions of players into the Immutable web3 ecosystem while providing GAM3S.GG with the leading web3 gaming platform on the market. This is a post from HackRead.com Read the original post: GAM3S.GG and Immutable Announce Partnership for Web3 Gaming Expansion

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to version 0.7.0 of libdav1d-sys, which includes dav1d 1.4.0.

As of version 0.6.0, the ObjectPool explicitly creates an uninitialized instance of its type parameter when it attempts to free an object, and swaps it into the storage. This causes instant undefined behavior due to reading the uninitialized memory in order to write it to the pool storage. Extremely basic usage of the crate can trigger this issue, e.g. this code from a doctest: ```rust use crayon::prelude::*; application::oneshot().unwrap(); let mut params = MeshParams::default(); let mesh = video::create_mesh(params, None).unwrap(); // Deletes the mesh object. video::delete_mesh(mesh); // <-- UB ``` The Clippy warning for this code was silenced in commit c2fde19caf6149d91faa504263f0bc5cafc35de5. Discovered via https://asan.saethlin.dev/ub?crate=crayon&version=0.7.1

With versions of the whoami crate >= 0.5.3 and < 1.5.0, calling any of these functions leads to an immediate stack buffer overflow on illumos and Solaris: - `whoami::username` - `whoami::realname` - `whoami::username_os` - `whoami::realname_os` With versions of the whoami crate >= 0.5.3 and < 1.0.1, calling any of the above functions also leads to a stack buffer overflow on these platforms: - Bitrig - DragonFlyBSD - FreeBSD - NetBSD - OpenBSD This occurs because of an incorrect definition of the `passwd` struct on those platforms. As a result of this issue, denial of service and data corruption have both been observed in the wild. The issue is possibly exploitable as well. This vulnerability also affects other Unix platforms that aren't Linux or macOS. This issue has been addressed in whoami 1.5.0. For more information, see [this GitHub issue](https://github.com/ardaku/whoami/issues/91).

Due to insufficient checking of input data, decoding certain data sequences can lead to _Decoder::decode_ panicking rather than returning an error. Example code that triggers this vulnerability looks like this: ```rust use hpack::Decoder; pub fn main() { let input = &[0x3f]; let mut decoder = Decoder::new(); let _ = decoder.decode(input); } ``` hpack is unmaintained. A crate with the panics fixed has been published as [hpack-patched](https://crates.io/crates/hpack-patched). Also consider using [fluke-hpack](https://crates.io/crates/fluke-hpack) or [httlib-huffman](https://crates.io/crates/httlib-huffman) as an alternative.