56 matches found
_getNextObservationIndex() Random use of timestamp to determine the currentTime can be manipulated bacause of dangerous strict equalities
Lines of code Vulnerability details Impact The use of strict equalities can be easily manipulated by an attacker. Miners may attempt to manipulate the timestamp. Proof of Concept File: TwabLib.sol Code Link: Code: if newestObservation.timestamp == currentTime File: TwabLib.sol Code Link: Code: if...
Code injection
Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary cod...
getCurrentPrice will be return a higher value than expected due to insufficient check in isTimeValid
Lines of code Vulnerability details The Boolean value will always return true if start price is zero. The condition will be sufficiently fulfilled since a time will be set in the future but no time is set in the past or at current time: sumCurrentPrices uses the returned value of getCurrentPrice...
GHSA-6P3G-HW27-QH44 Moodle's time-validation implementation allows bypassing intended restrictions
The time-validation implementation in 1 mod/feedback/complete.php and 2 mod/feedback/completeguest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by...
Moodle's time-validation implementation allows bypassing intended restrictions
The time-validation implementation in 1 mod/feedback/complete.php and 2 mod/feedback/completeguest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by...
Office 365 Phishing Attack Leverages Real-Time Active Directory Validation
Researchers have uncovered a phishing attack using a new technique: Attackers are making use of authentication APIs to validate victims’ Office 365 credentials – in real time – as they enter them into the landing page. Authentication APIs are used by apps and services running on the users’ behalf...
WordPress accurate-form-data-real-time-form-validation plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. accurate-form-data-real-time-form-validation is used in which a form data real-time validation plugin. A cross-site request...
INSIDE Secure MatrixSSL Certificate Validation Vulnerability
INSIDE Secure MatrixSSL is an embedded, open source SSLv3 stack from INSIDE Secure, France, designed for small applications and devices. A security vulnerability exists in INSIDE Secure MatrixSSL version 3.7.2, which stems from the program failing to properly validate the UTCTime validity period...
MGASA-2015-0413 Updated ntp packages fixes security vulnerabilities
It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that clien...
CVE-2014-0127
The time-validation implementation in 1 mod/feedback/complete.php and 2 mod/feedback/completeguest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by...
CVE-2014-0127
The time-validation implementation in 1 mod/feedback/complete.php and 2 mod/feedback/completeguest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by...
CVE-2014-0127
The time-validation implementation in 1 mod/feedback/complete.php and 2 mod/feedback/completeguest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by...
CVE-2014-0127
CVE-2014-0127 affects Moodle: the time-validation logic in mod/feedback/complete.php and mod/feedback/complete_guest.php allows remote authenticated users to bypass restrictions when starting a Feedback activity by selecting an unavailable time. Affected versions include Moodle through 2.3.11, 2....
Directory traversal
The tortimegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a malformed directory object, a different vulnerability than...
CVE-2012-4922
The tortimegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a malformed directory object, a different vulnerability than...
CVE-2012-4922
The tortimegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a malformed directory object, a different vulnerability than...