15 matches found
CVE-2024-6695
It's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process...
Vulnerability in Token Withdrawal Function
Lines of code Vulnerability details Impact Flawed logic in token withdrawal function allows for selective withdrawal of high-value tokens and fails in single-token scenarios. // Sum up total amount of each token to withdraw. uint256 memory withdrawAmounts = new uint256; IERC20 prevToken; for...
Damon Enterprise Manager has a flawed logic vulnerability
Damon Enterprise Manager is a centralized management platform that monitors, manages and maintains DM databases through a web interface. A logic flaw vulnerability exists in Damon Enterprise Manager, which can be exploited by an attacker to delete arbitrary operating system files, resulting in...
quorum and quota calculation logic is flawed
Lines of code Vulnerability details Impact quorum and quota calculation logic is flawed Proof of Concept votes to be valid, and if the poll passed or failed. At the time of writing, the QUORUM value is 33% of active stake, and the QUOTA is 50%, meaning that as long as 1/3rd of active stake votes...
Misuse of a Boolean constant
Lines of code Vulnerability details Impact Use of Boolean constants (true/false) in code is indicative of flawed logic. Boolean constants in code have only a few legitimate uses. Other uses (in complex expressions, as conditionals) indicate either an error or, most likely, the persistence of faulty...
Guangzhou Bainan Information Technology Co., Ltd. has a flawed logic vulnerability in its large instrument sharing management system
Large-scale instrument sharing management system is a company engaged in the design, development, production and integration services of laboratory information technology products. Guangzhou Bainan Information Technology Co., Ltd. has a logic flaw vulnerability in the large instrument sharing...
Plausible Analytics < 1.2.4 - Subscriber+ Arbitrary Settings Update
The plugin has flawed logic when checking for authorisation and CSRF before updating its settings, allowing any authenticated user, such as a subscriber, to update the plugin's settings. The attack is also possible via CSRF against any authenticated user. PoC POST /wp-admin/admin-ajax.php HTTP/1...
Free Coin has a flawed logic vulnerability
Vulnerability mining supported by the Ministry of Science and Technology National Key R&D Program Topic 2020YFB1005802 The token contract freeze function will gradually increase its gas consumption when it is called multiple times, and when the gas consumption is extremely large, the running cost...
TMS has a logic flaw vulnerability
TMS is a responsive web open source team collaboration system based on the channel model of team communication and collaboration + lightweight task Kanban. A logic flaw vulnerability exists in TMS, which can be exploited by attackers to modify other users' information...
Kudos Live has a flawed logic vulnerability
Kudou Live, formerly Fanxing Live, is an online video interactive performing arts platform created by Kudou in 2012. There is a logic flaw vulnerability in Kudou Live, which can be exploited by attackers to hijack plaintext messages and inject malicious programs into Kudou Live upgrade, leading t...
Logic flaw vulnerability in hera task scheduling system
hera task scheduler is a distributed task scheduler based on zeus rewrite. The hera Task Scheduler suffers from a logic flaw that can be exploited by an attacker to forge arbitrary login credentials via a built-in hard-coded key...
Cool Music App Has Logic Flaw Vulnerability
Cool Music is a music player. A logic flaw vulnerability exists in CoolMusic APP, which can be exploited by an attacker to cause a phone lockup by using a proxy tool to tamper with the packet to replace the upgrade link...
Extreme CMS has a flawed logic vulnerability
Extreme CMS is an open source and free PHPCMS web content management system. Extreme CMS has a logic flaw vulnerability that can be exploited by attackers to obtain sensitive information...
DateMe has a flawed logic vulnerability
DateMe DMX is an Ether-based digital currency. An integer overflow vulnerability exists in the 'sell' function of DMX's smart contract implementation. An attacker could exploit the vulnerability to prevent the seller from accessing the assets due to the exchange...
RIAA Targeted by Anonymous Operation Payback!
The rogue hacktivist movement Anonymous is apparently breaking out the Low Orbit Ion Cannon again for a reprise of the Operation Payback campaign, this time setting their distributed denial of service (DDoS) attack sights on the Recording Industry Association of America (RIAA). The campaign to disrupt...