119 matches found
Code injection
A lack of target address verification in the selfdestructs function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script...
Design/Logic Flaw
A lack of target address verification in the BurnMe function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script...
Code injection
A lack of target address verification in the destroycontract function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script...
CVE-2020-19767
CVE-2020-19767 affects 0xRACER v1.0: a lack of target address verification in the destroycontract() function enables an attacker to steal tokens from victim users via a crafted script. Root cause: input/target address validation gap in destroycontract(). Documents do not provide a confirmed fix o...
CVE-2020-19769
CVE-2020-19769 : A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script. Affected software: Rob The Bank 1.0 (BurnMe() function). Root cause: missing target address verification. Impact: token thef...
CVE-2020-19769
A lack of target address verification in the BurnMe function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script...
CVE-2020-19768
CVE-2020-19768 concerns ICOVO 1.0, where a lack of target address verification in the selfdestructs() function enables attackers to steal tokens from victim users via a crafted script. The issue is reported across multiple sources (NVD/Red Hat/CNVD/etc.) with the same core flaw. The connected doc...
in emoncms/dashboard
💥 BUG account takeover via host-header injection It allow attacker to change url of account-verification link and verify any email-address . 💥 STEP TO REPRODUCE 1. First as attacker create a account with email [email protected]. You dont own that email-address .\ You cant login untill you verify that...
Google now requires app developers to verify their address and use 2FA
Google on Monday announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification 2SV, provide an address, and verify their contact details later this year. The new identification and two-factor authentication requirements are a step towards...
USN-4875-1 opensmtpd vulnerabilities
It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could possibly use this vulnerability to execute arbitrary commands as root. CVE-2020-7247 It was discovered that OpenSMTPD did not properly handle hardlinks und...
Debian DLA-2234-1 : netqmail security update
There were several CVE bugs reported against src:netqmail. CVE-2005-1513 Integer overflow in the strallocreadyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code vi...
CVE-2020-3811
qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability...
UBUNTU-CVE-2020-3811
qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability...
CVE-2020-3811
CVE-2020-3811 affects netqmail 1.06 (qmail-verify) where improper input handling allows a mail-address verification bypass. Connected Debian/Ubuntu advisories (DLA-2234, USN-4621-1, USN-4556-1) indicate this vulnerability alongside CVE-2020-3812 and older CVEs; mitigation in Debian for Jessie is ...
CVE-2020-3811
Removed by vendor...
Debian DSA-4692-1 : netqmail - security update
Georgi Guninski and the Qualys Research Labs discovered multiple vulnerabilities in qmail shipped in Debian as netqmail with additional patches which could result in the execution of arbitrary code, bypass of mail address verification and a local information leak whether a file exists or not. C...
Debian: Security Advisory (DSA-4692-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4692-1] netqmail security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4692-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 24, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4692-1] netqmail security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4692-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 24, 2020 https://www.debian.org/security/faq -...
CVE-2019-14880
A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise...