2 matches found
It is possible to override pool params in PoolRegistry.sol since the creator field is never set for a venus pool
Lines of code Vulnerability details Proof of Concept PoolRegistry.createPoolRegistry will call PoolRegistry.registerPool which will make a check on the creator field for a pool. VenusPool memory venusPool = poolByComptrollercomptroller; requirevenusPool.creator == address0, "PoolRegistry: Pool...
DEBIAN-CVE-2017-12980
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as...