5 matches found
Bad access control in AdminRole.sol can lead to griefing DoS by front-running when trying to withdraw treasury funds
Lines of code Vulnerability details Proof of concept FoundationTreasury.sol inherits CollateralManagement.sol, which has the method function withdrawFunds(address payable to, uint256 amount) external onlyAdmin that can withdraw the whole balance of the treasury to the to address. It can be called on...
Exposure of critical functions
Lines of code Vulnerability details Impact The AdminRole mixin exposes critical functions such as grantAdmin and revokeAdmin without any restrictions. Proof of Concept Critical functions like grantAdmin can be called by any external account, changing critical roles such as admin. // for eg: function grantAdmin(address...
Takeover of AdminRole contract
Lines of code Vulnerability details Impact Any user can call the grantAdmin or revokeAdmin method and take control of the contract. Proof of Concept The grantAdmin and revokeAdmin methods are not protected by any access-control restriction, when they should carry the onlyAdmin modifier. So...
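The three AdminRole findings above describe the same root cause: role-changing functions in the mixin that lack the onlyAdmin modifier, which lets any account promote itself and then reach the onlyAdmin-gated withdrawFunds. The following is an added illustration, not code from the audited project: a minimal role mixin in the vulnerable shape, a hardened version, a treasury that inherits it, and an attacker contract showing the takeover. Contract and function names other than grantAdmin, revokeAdmin, onlyAdmin and withdrawFunds are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example (not the project's code). Mirrors the shape of the findings:
// an AdminRole mixin whose role-changing functions are callable by anyone.
contract AdminRoleVulnerable {
    mapping(address => bool) public isAdmin;

    constructor() {
        isAdmin[msg.sender] = true; // deployer is the first admin
    }

    modifier onlyAdmin() {
        require(isAdmin[msg.sender], "AdminRole: caller is not an admin");
        _;
    }

    // BUG: no access control. Any account can make itself (or anyone) admin.
    function grantAdmin(address account) external {
        isAdmin[account] = true;
    }

    // BUG: no access control. Any account can strip the legitimate admin.
    function revokeAdmin(address account) external {
        isAdmin[account] = false;
    }
}

// Hardened mixin: both role changes are gated by onlyAdmin, and the last
// admin cannot revoke itself, so the contract cannot be bricked by mistake.
contract AdminRole {
    mapping(address => bool) public isAdmin;
    uint256 public adminCount;

    event AdminGranted(address indexed account, address indexed by);
    event AdminRevoked(address indexed account, address indexed by);

    constructor() {
        isAdmin[msg.sender] = true;
        adminCount = 1;
    }

    modifier onlyAdmin() {
        require(isAdmin[msg.sender], "AdminRole: caller is not an admin");
        _;
    }

    function grantAdmin(address account) external onlyAdmin {
        require(account != address(0), "AdminRole: zero address");
        if (!isAdmin[account]) {
            isAdmin[account] = true;
            adminCount += 1;
            emit AdminGranted(account, msg.sender);
        }
    }

    function revokeAdmin(address account) external onlyAdmin {
        require(isAdmin[account], "AdminRole: not an admin");
        require(adminCount > 1, "AdminRole: cannot remove the last admin");
        isAdmin[account] = false;
        adminCount -= 1;
        emit AdminRevoked(account, msg.sender);
    }
}

// Treasury in the shape of the first finding: withdrawFunds is admin-only,
// so its security is exactly the security of the role mixin it inherits.
contract Treasury is AdminRole {
    receive() external payable {}

    function withdrawFunds(address payable to, uint256 amount) external onlyAdmin {
        require(amount <= address(this).balance, "Treasury: insufficient balance");
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "Treasury: transfer failed");
    }
}

// Attacker against the vulnerable mixin (hypothetical): grants itself admin,
// revokes the real admin, and would then pass any onlyAdmin check.
contract Attacker {
    function takeOver(AdminRoleVulnerable target, address victimAdmin) external {
        target.grantAdmin(address(this));   // succeeds: no modifier on grantAdmin
        target.revokeAdmin(victimAdmin);    // succeeds: no modifier on revokeAdmin
        // From here every onlyAdmin function on `target` is reachable by this contract.
    }
}
```

Against AdminRole the same takeOver call reverts at grantAdmin with "caller is not an admin". The adminCount guard in revokeAdmin is the extra check a reviewer would ask for once the modifier is added: without it, a single admin can lock everyone, including itself, out of withdrawFunds.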
OpenKM Document Management System 5.1.7 Command Execution
COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect: Remotely exploitable...
OpenKM 5.1.7 - Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/53602/info OpenKM is prone to a cross-site request forgery vulnerability. Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected application. OpenKM 5.1.7 is vulnerable; other versions may...