5 matches found
Upgraded Q -> 3 from #146 [1706014097180]
Judge has assessed an item in Issue 146 as 3 risk. The relevant finding follows: L-6: OLAS minting via treasury is not guaranteed The OLAS.mint… method does not revert if the requested amount cannot be limited due to the inflation limit: function mint(address account, uint256 amount) external //...
Upgraded Q -> 3 from #508 [1675443043181]
Judge has assessed an item in Issue 508 as 3 risk. The relevant finding follows: L-05 Duration does not have upper bound The duration input parameter does not have upper bound. If the duration is mistakenly set too high, node operator will be slashed significant amount of GGP. The...
Joomla! com_hdwplayer 4.2 - search.php SQL Injection
Joomla! com_hdwplayer 4.2 - search.php SQL Injection Exploit Title: Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection Dork: inurl:"index.php?option=com_hdwplayer" Date: 2020-03-23 Exploit Author: qw3rTyTy Vendor Homepage: https://www.hdwplayer.com/ Software Link:...
NUUO Local File Disclosure Vulnerability
Summary NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS functionality. Setup is simple and easy, with automatic port forwarding settings built in. NVRmini 2 supports POS integration, making this the perfect solution for small retail chain stores. NVRmini 2 also comes full equipp...
Easy2Map Photos <= 1.0.9 - SQL Injection
The code in Functions.php is vulnerable to SQL Injection because they are not parameterising or sanitising user input. PoC sqlmap -u 'http://www.example.com/wp-admin/admin-ajax.php' --data="mapID=11='+or+1%3D%3D1%3B=e2mimgsavemapname" --cookie=COOKIEHERE --level=5 --risk=3...