20 matches found
CVE-2022-0837
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious...
Input validation and money transfer vulnerability with negative number
Description I transfer money from account1 to account2. According to the scenario, account 1 will be deducted, and account 2 will add money. But account1 was add, account was sub. If I use a negative number and its value exceeds the account balance, the money will still be added to the transfer...
Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies
Lines of code Vulnerability details As arbitrary ERC20 tokens can be passed, the amount here should be calculated every time to take into consideration a possible fee-on-transfer or deflation. Also, it's a good practice for the future of the solution. Affected code:...
Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies
Lines of code Vulnerability details As arbitrary ERC20 tokens can be passed, the amount here should be calculated every time to take into consideration a possible fee-on-transfer or deflation. Also, it's a good practice for the future of the solution. Affected code: contracts/contracts/Bribe.sol:...
Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies
Lines of code Vulnerability details As arbitrary ERC20 tokens can be passed, the amount here should be calculated every time to take into consideration a possible fee-on-transfer or deflation. Also, it's a good practice for the future of the solution. Affected code:...
Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies
Lines of code Vulnerability details Impact Wrong amount emitted in SendToCosmosEvent event Proof of Concept File: Gravity.sol 595: function sendToCosmos 596: address tokenContract, 597: bytes32 destination, 598: uint256 amount 599: public nonReentrant 600:...
Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies
Lines of code Vulnerability details Impact Wrong bookkeeping, albeit limited to the concerned tree with a FoT Token Wrong amount emitted Proof of Concept contracts/MerkleDropFactory.sol: 77: requireIERC20merkleTree.tokenAddress.transferFrommsg.sender, addressthis, value, "ERC20 transfer failed";...
Glovo: Integer overflow vulnerability
Summary: In one of my previous reports i send parameter tampering report vulnerability. Then you asked me to send PoC and you just closed it, that's why i'm sending you this new report with exactly name of vulnerability. Integer Overflows are closely related to other conditions that occur when...
Consistently check account balance before and after transfers for Fee-On-Transfer discrepancies
Lines of code Vulnerability details Impact Wrong amount calculated for facilitatorTake Proof of Concept Arbitrary ERC20 tokens can be passed as loanAssetContractAddress. With a transfer, the received amount should be calculated every time to take into consideration a possible fee-on-transfer or...
CVE-2022-0837
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious...
CVE-2022-0837
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious...
CVE-2022-0837
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious...
Design/Logic Flaw
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious...
Consistently check account balance before and after transfers for Fee-On-Transfer discrepencies
Handle Dravee Vulnerability details Impact Wrong fateBalance bookkeeping for a user. Wrong fateCreated value emitted. Proof of Concept Taking into account the FOT is done almost everywhere important in the solution already. That's a known practice in the solution. However, it's missing here see...
Consensus flaw during block processing in github.com/ethereum/go-ethereum
Impact A consensus-vulnerability in Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain. Description A flaw was repoted at 2020-08-11 by John Youngseok Yang Software Platform Lab, where a particular sequence of transactions could cause a consensus failur...
Logic flaw vulnerability in LJCMSshop of Beijing Liangjing Zhicheng Technology Co., Ltd (CNVD-2020-33100)
Liangjing Mall online shopping system is a set of multi-functional online store system that can fit different types of goods and is super flexible. A logic flaw vulnerability exists in LJCMSshop of Beijing Liangjing Zhicheng Technology Co., Ltd, which can be exploited by attackers to modify accou...
USDT has a fake top-up vulnerability
USDT is a token based on P2P transactions. The vulnerability stems from a flaw in the logic used by exchanges to confirm the success of a USDT top-up transaction by not checking the value of the valid field in the transaction details on the blockchain to see if it is true, resulting in a "fake...
eWallet Online Payment Gateway 2 - Cross-Site Request Forgery
eWallet Online Payment Gateway 2 - Cross-Site Request Forgery Exploit Title: eWallet - Online Payment Gateway 2 - Cross-Site Request Forgery Date: 2018-05-23 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/ewallet-online-payment-gateway/19316332?srank=1110 Version: 2 Tested on:...
Coinbase: ETH contract handling errors
A business logic error in the ETH contract handling code allowed for a nested revert call in contract execution to improperly credit a user account though funds had not been transferred. In addition, the code did not appropriately handle delegatecall within a contract. Sample contract for the fir...
Coinbase: Ethereum account balance manipulation
The researchers noticed an issue with our ETH receiving code when receiving from a contract. This allowed sending of ETH to Coinbase to be credited even if the underlying contract execution failed. The issue was fixed by changing the contract handling logic. Analysis of the issue indicated only...