571 matches found
Transfer fee is burned on wrong accounts
Handle @cmichelio Vulnerability details Vulnerability Details The Vader.transfer function burns the transfer fee on msg.sender but this address might not be involved in the transfer at all due to transferFrom. Impact Smart contracts that simply relay transfers like aggregators have their Vader...
School Registration And Fee System 1.0 SQL Injection
Exploit Title: School Registration and Fee System | 'username ' Blind SQL Injection Exploit Author: Richard Jones Date: 01-04-2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/10932/school-registration-and-fee-system.html Version: 1.0 Tested O...
CVE-2020-35962
The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring LRC, an Ethereum token, lacks access control for fee swapping and thus allows price manipulation...
CVE-2020-35962
The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring LRC, an Ethereum token, lacks access control for fee swapping and thus allows price manipulation...
CVE-2020-35962
The CVE-2020-35962 issue affects Loopring (LRC) by the vault protocol’s sellTokenForLRC function in its smart contract, which lacks access control for fee swapping. This vulnerability enables price manipulation within the on-chain logic. The documented impact is a HIGH severity in CVSS 3.1 (I:H) ...
Logic flaws exist in the parking lot fee management system of Xiamen KTO Communication Technology Co.
Xiamen KTO Communication Technology Co., Ltd. is a professional smart parking value operator, providing safe, efficient, convenient and reliable smart parking services to customers worldwide. A logic flaw vulnerability exists in the parking fee management system of Xiamen KTO Communication...
Soar Labs Soar Coin Security Vulnerability Exists
Soar Labs Soar Coin is an ethereum-based virtual cryptocurrency. A security vulnerability exists in the 'zerofeetransaction' function in Soar Labs Soar Coin git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f and previous versions. An attacker could exploit this vulnerability to steal Soar curren...
Bitcoin wxBitcoin/bitcoind Buffer Overflow Vulnerability
A vulnerability exists in Bitcoin wxBitcoin and bitcoind versions prior to 0.3.13, which stems from bitcoins that do not properly process the associated bitcoin transaction with a zero-point confirmation. A remote attacker could exploit the vulnerability to cause a denial of service a large numbe...
CVE-2020-12119
Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee RBF. It increases the user's balance with the value of an unconfirmed transaction as soon as it is received before the transaction is confirmed and does not decrease the balance when it is canceled. As a result, users are exposed t...
Design/Logic Flaw
Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee RBF. It increases the user's balance with the value of an unconfirmed transaction as soon as it is received before the transaction is confirmed and does not decrease the balance when it is canceled. As a result, users are exposed t...
CVE-2020-14199
BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the...
Design/Logic Flaw
BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the...
PPE, COVID-19 Medical Supplies Targeted by BEC Scams
Much has been publicized about the shortage of personal protective equipment PPE and other supplies for healthcare facilities in the United States during the COVID-19 pandemic. Now, the FBI is warning that threat actors are taking advantage of efforts to procure PPE and critical equipment such as...
SQL Injection Vulnerability in php Simple Sweeping Code Payment Education Fee System in***.php
php Simple Sweep Pay Education Fee System is a query and fee software developed in Php+MySql. php simple code payment education fee system in.php SQL injection vulnerability, an attacker can use the vulnerability to obtain database sensitive information...
SQL Injection Vulnerability in php Simple Sweeping Code Payment Education Fee System us***.php Page
php Simple Sweep Pay Education Fee System is a query and fee software developed in Php+MySql. The us.php page of the php Simple Scan Code Payment Education Fee System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in php Simple Scan to Pay Education Fee System (CNVD-2020-27166)
php Simple Sweep Pay Education Fee System is a query and fee software developed in Php+MySql. php Simple Scan Code Payment Education Fee System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
Logic flaw vulnerability in student fee management cloud platform
Student Fee Management Cloud Platform is an online self-service fee payment system for students of Industrial Bank Co. A logic flaw vulnerability exists in the Student Fee Management Cloud Platform, which can be exploited by an attacker to reset arbitrary user passwords...
Information leakage vulnerability in smart bill payment platforms
Guilin Jiapeng Information Technology Co., Ltd. is a company that gathers high-quality software development talents and marketing talents and focuses on the development and application of college management software. There is an information leakage vulnerability in the smart fee payment platform...
HackerOne: Rounding errors on rewarding a bounty leads to bypassing the 20% H1 commission fee
Summary: The team discovered a rounding error issue when rewarding hackers with a bounty. Through a series of micro-payments, a malicious program manager is able to pay a full amount to the hacker while evading the 20% H1 commission fee. Description: H1 has a system for awarding and paying hacker...
A New Clue for the Kryptos Sculpture
Jim Sanborn, who designed the Kryptos sculpture in a CIA courtyard, has released another clue to the still-unsolved part 4. I think he's getting tired of waiting. Did we mention Mr. Sanborn is 74? Holding on to one of the world's most enticing secrets can be stressful. Some would-be codebreakers...