Attacker can use the same param to call Community.escrow() multiple times and reduce all the debt

Lines of code Vulnerability details Impact In Community contract, function escrow is used to reduce debt when lender comed in terms with the builder and agent to reduce debt. It checks that all lender, builder and agent are signed the data. But the issue is there is no nonce value in data which...

Project party can unilaterally change price payed at task completion

Lines of code Vulnerability details Impact If there has been more than a change in a task's cost through mulitple calls to changeOrder, signatures previously passed can be replayed by one party to change the price payed for the task without consent of the other parties by frontrunning call to...

Malicious callers can replay disputes

Lines of code Vulnerability details Unlike some of the other signature based operations in the Rigor system, dispute signatures do not include a nonce and are vulnerable to replay attacks. This is similar to my finding in 339, but lower severity, since it is more of a spamming/griefing vector...

Builder can reduce his debt more than expected by replaying signature

Lines of code Vulnerability details Impact A builder can, after it convened with the lender and an external agent to reduce his debt through escrow, reuse the signature and pass it again to escrow many times. This allows him to reduce his debt more than expected, leaving the lender at a loss. Pro...

CVE-2022-36968

In Progress WSFTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery CSRF attacks...

CVE-2022-36968

In Progress WSFTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery CSRF attacks...

Cross site request forgery (csrf)

In Progress WSFTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery CSRF attacks...

Progress WS_FTP Server 跨站请求伪造漏洞

Progress WSFTP Server is an effective and highly manageable FTP server from Progress. A security vulnerability exists in Progress WSFTP Server versions prior to 8.7.3, which stems from a form in its administration interface that does not contain a nonce to reduce the risk of cross-site request...

PT-2022-23714 · Ipswitch · Ws Ftp Server

Name of the Vulnerable Software and Affected Versions: In Progress WS FTP Server versions prior to 8.7.3 Description: The issue concerns forms within the administrative interface that did not include a nonce, which is used to mitigate the risk of cross-site request forgery CSRF attacks. CSRF...

Fluent Support < 1.5.8 - Admin+ SQLi

The plugin does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users With at least one support ticket in the system:...

Fluent Support < 1.5.8 - Admin+ SQLi

The plugin does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users PoC With at least one support ticket in the system:...

LinkWorth Plugin < 3.3.4 - Arbitrary Setting Update via CSRF

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change settings via a CSRF attack. PoC...

CVE-2022-2443

The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. This is due to missing nonce protection on the FreemindOptions function found in the /freemind-wp-browser.php file. This makes it possible for unauthenticated attackers t...

CVE-2022-2435

The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. This is due to missing nonce protection on the createDOMStructure function found in the /anymind-widget-id.php file. This makes it possible for unauthenticated attackers to...

CVE-2022-2443

The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. This is due to missing nonce protection on the FreemindOptions function found in the /freemind-wp-browser.php file. This makes it possible for unauthenticated attackers t...

CVE-2022-2223

The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce in the function ewicduplicateslider. This make it possible for unauthenticated attackers to duplicate existing posts...

CVE-2022-2224

The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeedduplicatefeed. This make it possible for unauthenticated attackers to duplicate...

CVE-2022-2443

The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. This is due to missing nonce protection on the FreemindOptions function found in the /freemind-wp-browser.php file. This makes it possible for unauthenticated attackers t...

CVE-2022-2223

The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce in the function ewicduplicateslider. This make it possible for unauthenticated attackers to duplicate existing posts...

CVE-2022-2224

The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeedduplicatefeed. This make it possible for unauthenticated attackers to duplicate...