_computeRewardFraction logic looks susceptible to manipulation around the edges.

Lines of code Vulnerability details Impact if auctionElapsedTime is 0, it returns the full reward fraction Proof of Concept The RewardLib.fractionalReward calculates the reward fraction linearly based on the elapsed time. When auctionElapsedTime is 0, fractionalReward will return 1 full rewards...

Sophos UTM WebAdmin SID Command Injection Exploit

This Metasploit module exploits an SID-based command injection in Sophos UTM's WebAdmin interface to execute shell commands as the root user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

CVE-2017-9735

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords...

Fedora 13 : dhcp-4.1.1-27.P1.fc13 (2010-17303)

Thu Nov 4 2010 Jiri Popelka - 12:4.1.1-27.P1 - Fix for CVE-2010-3611 649880 - Wed Oct 13 2010 Jiri Popelka - 12:4.1.1-26.P1 - Server was ignoring client's Solicit where client included address/prefix as a preference 634842 - Tue Sep 7 2010 Jiri Popelka - 12:4.1.1-25.P1 - Hardening...

Code injection

SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a differen...