433 matches found
Business Logic Errors in yetiforcecompany/yetiforcecrm
Description YetiForceCRM application is vulnerable to Business Logic Errors in the Weight of a Product since that value can be a negative number. Proof of Concept 1. After login, in the left menu bar, click Databases - Products 2. Click any product to go to the product details. 3. In the product...
Business Logic Errors in tsolucio/corebos
Description The application is vulnerable to Business Logic error through negative product amount. Proof of Concept Step 1: Login into the application https://demo.corebos.com/index.php?action=Login&module=Users Step 2: Navigate to Inventory - Product - Edit any product. Step 3: Now enter an amou...
Business Logic Errors in yetiforcecompany/yetiforcecrm
Description The application is vulnerable to Business Logic error through negative product amount. Proof of Concept Step 1: Login into the application https://gitstable.yetiforce.com/index.php Step 2: Navigate to Database - Product - Edit any product. Step 3: Now enter a negative amount in Unit...
Business Logic Errors in pimcore/pimcore
Description The application is vulnerable to Business Logic error through negative cart amount. Proof of Concept Step 1: Login to the application https://10.x-dev.pimcore.fun/admin/login?perspective= Step 2: Navigate to Online shop - Pricing Rules - Voucher Discount - Actions Step 3: Enter Negati...
CVE-2021-37071
There is a Business Logic Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to persistent DoS...
CVE-2021-37071
There is a Business Logic Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to persistent DoS...
Spoofing
There is a Business Logic Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to persistent DoS...
CVE-2021-37071
CVE-2021-37071 pertains to Huawei HarmonyOS and is described in connected sources as a Business/Processing Logic Error vulnerability in HarmonyOS components. The CVE entry itself notes that exploitation may lead to a persistent DoS. Connected CNNVD documentation identifies a Processing Logic Erro...
CVE-2021-37071
There is a Business Logic Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to persistent DoS...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2682)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Business Logic Errors in simplcommerce/simplcommerce
Description SimplCommerce allows negative product allowing one to get products for free. The fix here https://github.com/simplcommerce/SimplCommerce/issues/971 does not work because client-side controls can be bypassed by modifying the POST request Proof of Concept 1: Add one $75 and $25 item in...
CVE-2021-41122
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. This can lead to logic errors. This issue has been resolved in version 0.3.0...
PYSEC-2021-366
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. This can lead to logic errors. This issue has been resolved in version 0.3.0...
PYSEC-2021-366
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. This can lead to logic errors. This issue has been resolved in version 0.3.0...
CVE-2021-41122 Bounds check missing for decimal args in Vyper
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. This can lead to logic errors. This issue has been resolved in version 0.3.0...
Docker < 1.8.3 Multiple Vulnerabilities
Docker is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Debian DLA-2734-1 : curl - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2734 advisory. - curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send...
Code injection
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively, which could lead ...
Business Logic Errors in pimcore/pimcore
✍️ Description Pimcore is vulnerable to Business Logic error through negative products amount. 🕵️♂️ Proof of Concept HTML content: HTML 1. Save the above content into an HTML file. 2. Open the HTML file on the browser and click on Submit button. 3. Check out the total price. PoC video. 💥 Impact It...
Business Logic Errors in microweber/microweber
✍️ Description microweber is vulnerable to Business Logic error through negative product price. 🕵️♂️ Proof of Concept HTML content: HTML 1. Save the above content into an HTML file. 2. Access the app localhost and add a product to the cart. 3. Open the HTML file and click on submit button to take...