Brute Force

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Brute Force via the check process. An attacker can gain unauthorized administrative access by submitting arbitrary user-id and token values to the...

CVE-2024-32644 Evmos' transaction execution not accounting for all state transition after interaction with precompiles

Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit ...

ConvexCurveLPVault's _transferYield can become stuck with zero reward transfer

Lines of code Vulnerability details Now there are no checks for the amounts to be transferred via transferYield and processTreasury. As reward token list is external and an arbitrary token can end up there, in the case when such token doesn't allow for zero amount transfers, the reward retrieval...

Unsafe ERC20 transfers are used in BribeVault and ThecosomataETH

Lines of code Vulnerability details Impact For some ERC20 tokens no revert occurs but false is returned if transfer failed for any reason. If this isn't checked, the system will enter a wrong state with an accounted, but not executed transfer. Such effect can pile up, messing the logic altogether...

CVE-2019-8336

HashiCorp Consul and Consul Enterprise 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual circumstances...

CVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...