17 matches found
EUVD-2026-25363
A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchd...
PT-2026-34810
Name of the Vulnerable Software and Affected Versions SenseLive X3050 affected versions not specified Description The embedded management service in the SenseLive config application lacks authentication and authorization. This allows any reachable host to establish full administrative control and...
EUVD-2004-1504
Malware in sbrugna...
CVE-2022-3372 Cross-Site Request Forgery (CSRF) in Riello UPS Netman-204
There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CSRF token. This vulnerability could allow a remote attacker to access the administrator panel,...
set critical parameters like fee recipient in constructor.
Lines of code Vulnerability details Impact Loss of fee at certain condition. This can happen when a user calls the deposit function immediately after contracts are deployed, or when the admin forgets to update the feeReceient address. There are a lot of addresses that the admin has to set once the contract is deployed. S...
CVE-2022-2105
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters...
CVE-2022-2105
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters...
Authentication flaw
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters...
CVE-2022-2105 Secheron SEPCOS Control and Protection Relay
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters...
Missing events/timelock for function updateChannel only functions that change critical parameters
Lines of code Vulnerability details Impact Functions that change critical parameters should emit events and have timelocks. Events allow capturing changed parameters so interfaces can register changes with timelock. It allows users to evaluate them and consider if they would like to engage or exit...
Timelock for sNOTE.sol:setCoolDownTime()
Handle Dravee Vulnerability details Impact It is a good practice to give time for users to react and adjust to critical changes. Proof of Concept Here, if the cooldown were to be updated by being raised: a user that was falling outside of it might get right back inside the cooldown period at a...
Timelock and events for governor functions
Handle pauliax Vulnerability details Impact There are contracts that contain functions that change important parameters of the system, e.g. OverlayV1Mothership has setOVL, initializeMarket, disableMarket, enableMarket, initializeCollateral, enableCollateral, disableCollateral, adjustGlobalParams...
Missing events/timelocks for owner/admin only functions that change critical parameters
Handle defsec Vulnerability details Impact Owner/admin only functions that change critical parameters should emit events and have timelocks. Events allow capturing the changed parameters so that off-chain tools/interfaces can register such changes with timelocks that allow users to evaluate them...
Missing events/timelocks for owner/admin only functions that change critical parameters
Handle 0xRajeev Vulnerability details Impact Owner/admin only functions that change critical parameters should emit events and have timelocks. Events allow capturing the changed parameters so that off-chain tools/interfaces can register such changes with timelocks that allow users to evaluate the...
Missing events for critical parameter changing operations by owner
Handle 0xRajeev Vulnerability details Impact The owner of TracerPerpetualSwaps contract, who is potentially untrusted as per specification, can change the market critical parameters such as the addresses of the Liquidation/Pricing/Insurance/GasOracle/FeeReceiver and also critical values such as...
Lack of input validation on onlyOwner critical parameters
Handle 0xRajeev Vulnerability details Impact The owner (potentially untrustworthy/malicious) of the prize pool is allowed to set a liquidation cap for guarded launch and the credit rate and limit parameters which affect the crucial fairness of the pool. However, there is no input validation on thes...
CVE-2004-1510
WebCalendar (the product) is documented as vulnerable to a remote SQL Injection that can be triggered by modifying parameters in view_entry.php or upcoming.php, potentially enabling privilege escalation. OpenVAS entries describe the vulnerability as allowing the attacker to cause the program to e...