9 matches found
EUVD-2017-5963
Malware in sbrugna...
CVE-2017-14460
An exploitable overly permissive cross-domain CORS whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability...
Design/Logic Flaw
An exploitable overly permissive cross-domain CORS whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability...
CVE-2017-14460
An exploitable overly permissive cross-domain CORS whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability...
CVE-2017-14460
An exploitable overly permissive cross-domain CORS whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability...
CVE-2017-14460
The CVE-2017-14460 issue affects Parity Ethereum client’s JSON-RPC interface, where the default overly permissive cross-domain (CORS) whitelist (often *) can allow a malicious website to fetch or modify data through the JSON-RPC API if certain endpoints are enabled. TALOS details show an example ...
Parity Ethereum client JSON-RPC misconfiguration vulnerability
Parity Ethereum client is a client for Ethereum the application runtime platform.JSON-RPC is one of the remote invocation services using JSON as the protocol. A misconfiguration vulnerability exists in JSON-RPC in Parity Ethereum client version 1.7.8. An attacker can use this vulnerability to sen...
Parity Browser < 1.6.10 - Bypass Same Origin Policy
VuNote ====== Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016 Version: 0.3 Date: Jun 16th, 2017 Tag: parity same origin policy bypass webproxy token reuse Overview -------- Name: parity Vendor: paritytech References: https://parity.io/ 1 Version: 1.6.8 Latest Version...
Oh, Crap! Someone Accidentally Triggered A Flaw That Locked Up $280 Million In Ethereum
Horrible news for some Ethereum users. About $300 million worth of Ether—the cryptocurrency unit that has become one of the most popular and increasingly valuable cryptocurrencies—from dozens of Ethereum wallets was permanently locked up today. Smart contract coding startup Parity Technologies,...