Lucene search
K

34 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:38 a.m.7 views

CVE-2022-40115

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/deletebeneficiary.php...

9.8CVSS8.3AI score0.00819EPSS
Exploits1References1
Code423n4
Code423n4
added 2023/10/30 12:0 a.m.9 views

Users will retain possession of their USDe after redeeming collateral

Lines of code Vulnerability details Impact Users will retain possession of their USDe after redeeming their collateral this can lead to theft/loss of funds. Proof of Concept See belo for the coded POC. The benefactor and the beneficiary in the Order struct containing order details and confirmatio...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/22 12:0 a.m.10 views

Amount of project token minted to beneficiary by JBXBuybackDelegate._mint function is not checked against an expected minimum number of project tokens to be minted to such beneficiary

Lines of code Vulnerability details Impact Calling the following JBPayoutRedemptionPaymentTerminal31.pay function executes fundingCycle, tokenCount, delegateAllocations, memo = store.recordPaymentFrompayer, bundledAmount, projectId, baseWeightCurrency, beneficiary, memo, metadata. File:...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.10 views

INVEscrow.onDeposit() can be called many times by any user

Lines of code Vulnerability details Impact In INVEscrow.onDeposit there is not sender checks And no checks if xINV was already minted So anyone can call it many times and mint unlimited count of xINV Tools Used vs code Recommended Mitigation Steps Add check requiremsg.sender == beneficiary --- Th...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/10/23 12:0 a.m.9 views

_expectMint is not checked when tokenId != 0

Lines of code Vulnerability details Impact In the mintBestAvailableTier function from the JBTiered721Delegate contract the expectMint variable is used to determine if the user is expecting the contract to mint tokens with the left over funds or not, but the boolean value of expectMint is only...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/22 12:0 a.m.7 views

didPay() receives payment but does not mint NFT to beneficiary as expected.

Lines of code Vulnerability details Impact The function JB721Delegate.didPay is expected to mint an NFT to the beneficiary if conditions are met. However the function only receives payment through payable, but does nothing else in the processPayment call if function does not revert. The expected...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/21 12:0 a.m.9 views

Changing default reserved token beneficiary may result in wrong beneficiary for tier

Lines of code Vulnerability details Impact When the reservedTokenBeneficiary of a tier is equal to defaultReservedTokenBeneficiaryOfmsg.sender, it is not explicitly set for this tier. This generally works well because in the function reservedTokenBeneficiaryOfaddress nft, uint256 tierId,...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/19 12:0 a.m.7 views

The beneficiary could be the zero address

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. There is no zero address check for the beneficiary ,therefore it is possible the beneficiary is zero and we lose all the reserves Proof of Concept Provide direct links to all referenced code in GitHub...

7AI score
Exploits0
NVD
NVD
added 2022/09/23 10:15 p.m.15 views

CVE-2022-40116

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php...

9.8CVSS0.00819EPSS
Exploits1References2
OSV
OSV
added 2022/09/23 10:15 p.m.3 views

CVE-2022-40115

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/deletebeneficiary.php...

9.8CVSS5.8AI score0.00819EPSS
Exploits1References2
OSV
OSV
added 2022/09/23 10:15 p.m.3 views

CVE-2022-40116

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php...

9.8CVSS5.8AI score0.00819EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/09/23 9:16 p.m.3 views

CVE-2022-40115

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/deletebeneficiary.php...

9.8AI score0.00819EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.3 views

Online Banking System SQL注入漏洞

Online Banking System is an online banking system developed using PHP and MySQL. version v1.0 of Online Banking System has a security vulnerability that stems from a SQL injection issue in the search parameter in the /net-banking/beneficiary.php location. No details of the vulnerability are...

9.8CVSS8AI score0.00819EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.5 views

Online Banking System SQL注入漏洞

Online Banking System is an online banking system developed using PHP and MySQL. v1.0 of Online Banking System has a security vulnerability that originates in the /net-banking/deletebeneficiary.php location where the custid parameter has SQL injection issue. No detailed vulnerability details are...

9.8CVSS8AI score0.00819EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/09/23 12:0 a.m.6 views

PT-2022-25218 · Unknown · Online Banking System

Name of the Vulnerable Software and Affected Versions: Online Banking System version 1.0 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the cust id parameter at the "/net-banking/delete beneficiary.php" API endpoint. Recommendations: For Online Banking...

9.8CVSS9.5AI score0.00819EPSS
Exploits1References3
Code423n4
Code423n4
added 2022/06/01 12:0 a.m.11 views

Upgraded Q -> M from 294 [1654058024144]

Judge has assessed an item in Issue 294 as Medium risk. The relevant finding follows: Beneficiary is credited additional ETH above premium The CallybuyOption function ensures that the caller sends an ETH amount equal to or greater than the calculated premium: buyOptionL224 requiremsg.value =...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/14 12:0 a.m.10 views

Loss of funds due to beneficiary override to address(0) during transfer

Lines of code Vulnerability details Premiums or proceeds earned after the transfer will accrue to the zero address, instead of to the new vault owner, and the funds will be irrecoverable. Proof of concept vaultBeneficiariesvaultId is overridden to the zero address during transfer: File: Cally.sol...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/14 12:0 a.m.10 views

Setting a high feeRate can block exercise or cause negative flow of funds

Lines of code Vulnerability details Impact When an admin intentionally or unintentionally sets a feeRate greater than 1e18 100%, The exercise function can fail with arithmetic operation underflow at line 289 In the case, when beneficiary is connected to multiple vaults, the exercise function will...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/08 12:0 a.m.12 views

FixedPricePassThruGate locks excess ETH payments

Lines of code Vulnerability details The FixedPricePassThruGate accepts ETH amounts greater than or equal to the calculated price, but only forwards an amount exactly equal to the calculated price to the configured beneficiary address. Excess ETH sent through the gate will be permanently locked in...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/08 12:0 a.m.8 views

Beneficiary of SpeedBumpPriceGate can close the gate and hike the price for free.

Lines of code Vulnerability details Impact SpeedBumpPriceGate.sol is callable by anyone so the beneficiary can hike the price by calling it with his own ETH which will be returned to him or by making a flash loan to raise the price high enough that the gate is effectively closed indefinetely...

6.8AI score
Exploits0
Rows per page
Query Builder