3 matches found
Pretalx Arbitrary File Read/Limited File Write
This module exploits functionality in Pretalx that export conference schedule as zipped file. The Pretalx will iteratively include any file referenced by any HTML tag and does not properly check the path of the file, which can lead to arbitrary file read. The module requires credentials that allo...
A single host can approve a proposal for all other hosts in the Party
Lines of code Vulnerability details Summary A single host can approve a proposal by transferring the host role to dummy accounts and voting again to increment the number of approvals. Impact When a proposal is created in a Party, the number of active hosts is snapshotted in the proposal state...
Multisig: Users can approve proposals even after getting removed
Lines of code Vulnerability details Impact The Multisig contract intends to enable the creation and approval of proposals among a predetermined list of multisig addresses. The multisig addresses can be added or removed by a authorative identity. While creating a new proposal a snapshotBlock...