10 matches found
Authorization Bypass Through User-Controlled Key
Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the AccountEntriesAdminPortletaddressId parameter. An attacker can access address information belonging to other accounts by specifying arbitrary identifiers. Remediation: Upgrade...
EUVD-2023-59034
Malicious code in bioql PyPI...
EUVD-2025-22949
Malicious code in bioql PyPI...
CVE-2025-54429
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for...
CVE-2023-6824
The WP Customer Area WordPress plugin before 8.2.1 does not properly validate user capabilities in some of its AJAX actions, allowing any user to retrieve other users' account address...
CVE-2023-6824 WP Customer Area < 8.2.1 - Subscriber+ Account Address Leak
The WP Customer Area WordPress plugin before 8.2.1 does not properly validate user capabilities in some of its AJAX actions, allowing any user to retrieve other users' account address...
CVE-2023-6824 WP Customer Area < 8.2.1 - Subscriber+ Account Address Leak
The WP Customer Area WordPress plugin before 8.2.1 does not properly validate user capabilities in some of its AJAX actions, allowing any user to retrieve other users' account address...
CVE-2023-6741 WP Customer Area < 8.2.1 - Subscriber+ Account Address Update
The WP Customer Area WordPress plugin before 8.2.1 does not properly validate user capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address...
_isRevocable is tied to the address and can be set by anyone
Handle: pauliax. Vulnerability details. Impact: function vest has a parameter isRevocable that is tied to the account address of beneficiary. Because anyone can call vest, it allows overriding benRevocable as many times as you want. I see several potential problems with this: 1. isRevocable sets glob...
buyincoins.com XSS vulnerability
Vulnerable URL: http://www.buyincoins.com/?r=account/customer/AddressList

Details:

Description| Value
---|---
Patched:| Yes, at 30.01.2016
Latest check for patch:| 30.01.2016 22:53 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 17593
Google Pagerank| 3

VIP...