Lucene search
K

571 matches found

Code423n4
Code423n4
added 2021/04/28 12:0 a.m.7 views

Transfer fee is burned on wrong accounts

Handle @cmichelio Vulnerability details Vulnerability Details The Vader.transfer function burns the transfer fee on msg.sender but this address might not be involved in the transfer at all due to transferFrom. Impact Smart contracts that simply relay transfers like aggregators have their Vader...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/01 12:0 a.m.397 views

School Registration And Fee System 1.0 SQL Injection

Exploit Title: School Registration and Fee System | 'username ' Blind SQL Injection Exploit Author: Richard Jones Date: 01-04-2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/10932/school-registration-and-fee-system.html Version: 1.0 Tested O...

Exploits0
NVD
NVD
added 2021/01/03 7:15 a.m.10 views

CVE-2020-35962

The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring LRC, an Ethereum token, lacks access control for fee swapping and thus allows price manipulation...

7.5CVSS7.6AI score0.01335EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/01/03 6:55 a.m.17 views

CVE-2020-35962

The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring LRC, an Ethereum token, lacks access control for fee swapping and thus allows price manipulation...

7.6AI score0.01335EPSS
Exploits1References2
CVE
CVE
added 2021/01/03 6:55 a.m.96 views

CVE-2020-35962

The CVE-2020-35962 issue affects Loopring (LRC) by the vault protocol’s sellTokenForLRC function in its smart contract, which lacks access control for fee swapping. This vulnerability enables price manipulation within the on-chain logic. The documented impact is a HIGH severity in CVSS 3.1 (I:H) ...

7.5CVSS7.5AI score0.01335EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2020/08/03 12:0 a.m.2 views

Logic flaws exist in the parking lot fee management system of Xiamen KTO Communication Technology Co.

Xiamen KTO Communication Technology Co., Ltd. is a professional smart parking value operator, providing safe, efficient, convenient and reliable smart parking services to customers worldwide. A logic flaw vulnerability exists in the parking fee management system of Xiamen KTO Communication...

7AI score
Exploits0
CNVD
CNVD
added 2020/07/17 12:0 a.m.3 views

Soar Labs Soar Coin Security Vulnerability Exists

Soar Labs Soar Coin is an ethereum-based virtual cryptocurrency. A security vulnerability exists in the 'zerofeetransaction' function in Soar Labs Soar Coin git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f and previous versions. An attacker could exploit this vulnerability to steal Soar curren...

6.9AI score
Exploits0References1
CNVD
CNVD
added 2020/07/15 12:0 a.m.2 views

Bitcoin wxBitcoin/bitcoind Buffer Overflow Vulnerability

A vulnerability exists in Bitcoin wxBitcoin and bitcoind versions prior to 0.3.13, which stems from bitcoins that do not properly process the associated bitcoin transaction with a zero-point confirmation. A remote attacker could exploit the vulnerability to cause a denial of service a large numbe...

6.8AI score
Exploits0References1
OSV
OSV
added 2020/07/02 3:15 p.m.3 views

CVE-2020-12119

Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee RBF. It increases the user's balance with the value of an unconfirmed transaction as soon as it is received before the transaction is confirmed and does not decrease the balance when it is canceled. As a result, users are exposed t...

8.1CVSS5.8AI score0.00493EPSS
Exploits0References1
Prion
Prion
added 2020/07/02 3:15 p.m.10 views

Design/Logic Flaw

Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee RBF. It increases the user's balance with the value of an unconfirmed transaction as soon as it is received before the transaction is confirmed and does not decrease the balance when it is canceled. As a result, users are exposed t...

5.8CVSS7.9AI score0.00493EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/06/16 6:15 p.m.31 views

CVE-2020-14199

BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the...

6.5CVSS0.00846EPSS
Exploits0References1
Prion
Prion
added 2020/06/16 6:15 p.m.21 views

Design/Logic Flaw

BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the...

4.3CVSS6.4AI score0.00846EPSS
Exploits0References1Affected Software2
ThreatPost
ThreatPost
added 2020/04/15 2:22 p.m.36 views

PPE, COVID-19 Medical Supplies Targeted by BEC Scams

Much has been publicized about the shortage of personal protective equipment PPE and other supplies for healthcare facilities in the United States during the COVID-19 pandemic. Now, the FBI is warning that threat actors are taking advantage of efforts to procure PPE and critical equipment such as...

6.8AI score
Exploits0References9
CNVD
CNVD
added 2020/03/28 12:0 a.m.1 views

SQL Injection Vulnerability in php Simple Sweeping Code Payment Education Fee System in***.php

php Simple Sweep Pay Education Fee System is a query and fee software developed in Php+MySql. php simple code payment education fee system in.php SQL injection vulnerability, an attacker can use the vulnerability to obtain database sensitive information...

8.1AI score
Exploits0
CNVD
CNVD
added 2020/03/28 12:0 a.m.1 views

SQL Injection Vulnerability in php Simple Sweeping Code Payment Education Fee System us***.php Page

php Simple Sweep Pay Education Fee System is a query and fee software developed in Php+MySql. The us.php page of the php Simple Scan Code Payment Education Fee System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...

7.7AI score
Exploits0
CNVD
CNVD
added 2020/03/28 12:0 a.m.3 views

SQL Injection Vulnerability in php Simple Scan to Pay Education Fee System (CNVD-2020-27166)

php Simple Sweep Pay Education Fee System is a query and fee software developed in Php+MySql. php Simple Scan Code Payment Education Fee System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...

7.7AI score
Exploits0
CNVD
CNVD
added 2020/03/19 12:0 a.m.2 views

Logic flaw vulnerability in student fee management cloud platform

Student Fee Management Cloud Platform is an online self-service fee payment system for students of Industrial Bank Co. A logic flaw vulnerability exists in the Student Fee Management Cloud Platform, which can be exploited by an attacker to reset arbitrary user passwords...

7AI score
Exploits0
CNVD
CNVD
added 2020/03/11 12:0 a.m.2 views

Information leakage vulnerability in smart bill payment platforms

Guilin Jiapeng Information Technology Co., Ltd. is a company that gathers high-quality software development talents and marketing talents and focuses on the development and application of college management software. There is an information leakage vulnerability in the smart fee payment platform...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2020/03/02 10:33 p.m.42 views

HackerOne: Rounding errors on rewarding a bounty leads to bypassing the 20% H1 commission fee

Summary: The team discovered a rounding error issue when rewarding hackers with a bounty. Through a series of micro-payments, a malicious program manager is able to pay a full amount to the hacker while evading the 20% H1 commission fee. Description: H1 has a system for awarding and paying hacker...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/02/06 12:14 p.m.29 views

A New Clue for the Kryptos Sculpture

Jim Sanborn, who designed the Kryptos sculpture in a CIA courtyard, has released another clue to the still-unsolved part 4. I think he's getting tired of waiting. Did we mention Mr. Sanborn is 74? Holding on to one of the world's most enticing secrets can be stressful. Some would-be codebreakers...

7AI score
Exploits0
Rows per page
Query Builder