Lucene search
K

20 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:17 p.m.7 views

CVE-2022-0837

The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious...

5.5CVSS6.3AI score0.00609EPSS
Exploits2References1
Huntr
Huntr
added 2023/03/28 7:14 p.m.18 views

Input validation and money transfer vulnerability with negative number

Description I transfer money from account1 to account2. According to the scenario, account 1 will be deducted, and account 2 will add money. But account1 was add, account was sub. If I use a negative number and its value exceeds the account balance, the money will still be added to the transfer...

6.8AI score
Exploits0References1
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.12 views

Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies

Lines of code Vulnerability details As arbitrary ERC20 tokens can be passed, the amount here should be calculated every time to take into consideration a possible fee-on-transfer or deflation. Also, it's a good practice for the future of the solution. Affected code:...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/30 12:0 a.m.8 views

Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies

Lines of code Vulnerability details As arbitrary ERC20 tokens can be passed, the amount here should be calculated every time to take into consideration a possible fee-on-transfer or deflation. Also, it's a good practice for the future of the solution. Affected code: contracts/contracts/Bribe.sol:...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/25 12:0 a.m.15 views

Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies

Lines of code Vulnerability details As arbitrary ERC20 tokens can be passed, the amount here should be calculated every time to take into consideration a possible fee-on-transfer or deflation. Also, it's a good practice for the future of the solution. Affected code:...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/09 12:0 a.m.8 views

Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies

Lines of code Vulnerability details Impact Wrong amount emitted in SendToCosmosEvent event Proof of Concept File: Gravity.sol 595: function sendToCosmos 596: address tokenContract, 597: bytes32 destination, 598: uint256 amount 599: public nonReentrant 600:...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/08 12:0 a.m.13 views

Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies

Lines of code Vulnerability details Impact Wrong bookkeeping, albeit limited to the concerned tree with a FoT Token Wrong amount emitted Proof of Concept contracts/MerkleDropFactory.sol: 77: requireIERC20merkleTree.tokenAddress.transferFrommsg.sender, addressthis, value, "ERC20 transfer failed";...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2022/05/07 4:46 p.m.39 views

Glovo: Integer overflow vulnerability

Summary: In one of my previous reports i send parameter tampering report vulnerability. Then you asked me to send PoC and you just closed it, that's why i'm sending you this new report with exactly name of vulnerability. Integer Overflows are closely related to other conditions that occur when...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2022/04/07 12:0 a.m.12 views

Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies

Lines of code Vulnerability details Impact Wrong amount calculated for facilitatorTake Proof of Concept Arbitrary ERC20 tokens can be passed as loanAssetContractAddress. With a transfer, the received amount should be calculated every time to take into consideration a possible fee-on-transfer or...

6.8AI score
Exploits0
NVD
NVD
added 2022/04/04 4:15 p.m.23 views

CVE-2022-0837

The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious...

5.5CVSS0.00609EPSS
Exploits2References1
OSV
OSV
added 2022/04/04 4:15 p.m.3 views

CVE-2022-0837

The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious...

5.4CVSS6.1AI score0.00609EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/04/04 4:15 p.m.5 views

CVE-2022-0837

The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious...

5.5CVSS5.9AI score0.00609EPSS
Exploits2References2
Prion
Prion
added 2022/04/04 4:15 p.m.20 views

Design/Logic Flaw

The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious...

5.5CVSS5.4AI score0.00609EPSS
Exploits2References1Affected Software1
Code423n4
Code423n4
added 2022/02/02 12:0 a.m.9 views

Consistently check account balance before and after transfers for Fee-On-Transfer discrepencies

Handle Dravee Vulnerability details Impact Wrong fateBalance bookkeeping for a user. Wrong fateCreated value emitted. Proof of Concept Taking into account the FOT is done almost everywhere important in the solution already. That's a known practice in the solution. However, it's missing here see...

6.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2021/06/29 9:14 p.m.74 views

Consensus flaw during block processing in github.com/ethereum/go-ethereum

Impact A consensus-vulnerability in Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Description A flaw was repoted at 2020-08-11 by John Youngseok Yang Software Platform Lab, where a particular sequence of transactions could cause a consensus failur...

5.3CVSS5.4AI score0.00909EPSS
Exploits0References8Affected Software1
CNVD
CNVD
added 2020/05/21 12:0 a.m.1 views

Logic flaw vulnerability in LJCMSshop of Beijing Liangjing Zhicheng Technology Co., Ltd (CNVD-2020-33100)

Liangjing Mall online shopping system is a set of multi-functional online store system that can fit different types of goods and is super flexible. A logic flaw vulnerability exists in LJCMSshop of Beijing Liangjing Zhicheng Technology Co., Ltd, which can be exploited by attackers to modify accou...

6.8AI score
Exploits0
CNVD
CNVD
added 2020/05/06 12:0 a.m.4 views

USDT has a fake top-up vulnerability

USDT is a token based on P2P transactions. The vulnerability stems from a flaw in the logic used by exchanges to confirm the success of a USDT top-up transaction by not checking the value of the valid field in the transaction details on the blockchain to see if it is true, resulting in a "fake...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2018/05/23 12:0 a.m.22 views

eWallet Online Payment Gateway 2 - Cross-Site Request Forgery

eWallet Online Payment Gateway 2 - Cross-Site Request Forgery Exploit Title: eWallet - Online Payment Gateway 2 - Cross-Site Request Forgery Date: 2018-05-23 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/ewallet-online-payment-gateway/19316332?srank=1110 Version: 2 Tested on:...

0.3AI score
Exploits0
Hacker One
Hacker One
added 2018/03/22 7:3 a.m.38 views

Coinbase: ETH contract handling errors

A business logic error in the ETH contract handling code allowed for a nested revert call in contract execution to improperly credit a user account though funds had not been transferred. In addition, the code did not appropriately handle delegatecall within a contract. Sample contract for the fir...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2017/12/27 8:38 a.m.61 views

Coinbase: Ethereum account balance manipulation

The researchers noticed an issue with our ETH receiving code when receiving from a contract. This allowed sending of ETH to Coinbase to be credited even if the underlying contract execution failed. The issue was fixed by changing the contract handling logic. Analysis of the issue indicated only...

6.8AI score
Exploits0
Rows per page
Query Builder