12 matches found
CVE-2026-46096
tpm2-sessions: Fix missing tpm_buf_destroy in tpm2_read_public...
EUVD-2018-10520
Malware in sbrugna...
SimpleERC20Escrow's initialize() can be frontrun
Lines of code Vulnerability details Impact The user's collateral is not held in the market contract but is instead held in individual escrows. Every user has a unique escrow for every market. And the escrow contracts are created via the Market contract's createEscrow function. And it's initialize...
Redeemer.sol#redeem() can be called by anyone before maturity, which may lead to loss of user funds
Lines of code Vulnerability details function redeem uint8 p, address u, uint256 m public returns bool // Get the principal token that is being redeemed by the user address principal = IMarketPlacemarketPlace.marketsu, m, p; // Make sure we have the correct principal if p !=...
onlyBurner modifier missing
Lines of code Vulnerability details Impact onlyBurner modifier is missing in burn function. Since it is a public function anyone can burn FEI tokens. Proof of Concept Tools Used Manual analysis Recommended Mitigation Steps Add onlyBurner modifier to the burn function. --- The text was updated...
Unauthorized assertGovernanceApproved
Handle pauliax Vulnerability details Impact function assertGovernanceApproved is public and unauthorized with an arbitrary "sender" parameter. Anyone can invoke it and transfer assets from an arbitrary user: function assertGovernanceApproved address sender, address target, bool emergency public...
Calling generateFLNQuote twice in every block prevents any migration
Handle camden Vulnerability details Impact and PoC In the Uniswap helper, generateFLNQuote is public, so any user can generate the latest quote. If you call this twice in any block, then the two latest flan quotes will have a blockProduced value of the current block's number. These quotes are use...
Business Alliance Financial Circle Security Breach
Business Alliance Financial Circle BAFC is a cryptocurrency. A security vulnerability exists in the 'UBSexToken' function in BAFC's smart contract implementation, which stems from the fact that the function is publicly available and does not check the identity of the caller. An attacker could use...
Business Alliance Financial Circle (BAFC) Overreach Vulnerability
Business Alliance Financial Circle BAFC is a cryptocurrency. The 'UBSexToken' function in BAFC's smart contract implementation is vulnerable to an overreach vulnerability that stems from the fact that the function is publicly available and does not check the identity of the caller. An attacker...
Default credentials
The UBSexToken function of a smart contract implementation for Business Alliance Financial Circle BAFC, a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public by default and does not check the caller's identity...
CVE-2018-19830
The UBSexToken function of a smart contract implementation for Business Alliance Financial Circle BAFC, a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public by default and does not check the caller's identity...
To bypass PHPCMS patch to continue injection-vulnerability warning-the black bar safety net
Vulnerability author: I want to get a shell Submission time: 2013-01-16 Disclosure time: 2013-01-21 Vulnerability type: SQL injection vulnerability Brief description: Inadvertently looked at the phpcms patch, just want to complain. In addition PHPCMS released a patch why not in the forum thank tick it,...