Lack of access control in the parameterize function of proposal contracts

Handle shw Vulnerability details Impact Most of the proposal contracts have a parameterize function for setting the proposal parameters, and these functions are protected only by the notCurrent modifier. When the proposal is proposed through a lodgeProposal transaction, an attacker can front-run...

anyone can change Parameters state

Handle jayjonah8 Vulnerability details Impact In BurnFlashStakeDeposit.sol the parameterize function can be called by anyone setting all the Parameters state in the contract. A user should not be able to do this. This function deals with important governance decisions being execute and should onl...

WordPress Plugin Easy2Map 1.24 - SQL Injection

Title: SQL Injection in easy2map wordpress plugin v1.24 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.25 Vendor Contact: https://profiles.wordpress.org/stevenellis/ Advisory...