Lucene search
K

56 matches found

Code423n4
Code423n4
added 2023/07/14 12:0 a.m.13 views

_getNextObservationIndex() Random use of timestamp to determine the currentTime can be manipulated bacause of dangerous strict equalities

Lines of code Vulnerability details Impact The use of strict equalities can be easily manipulated by an attacker. Miners may attempt to manipulate the timestamp. Proof of Concept File: TwabLib.sol Code Link: Code: if newestObservation.timestamp == currentTime File: TwabLib.sol Code Link: Code: if...

6.8AI score
Exploits0
Prion
Prion
added 2023/01/10 12:15 p.m.16 views

Code injection

Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary cod...

4.6CVSS6.8AI score0.00293EPSS
Exploits0References1
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.10 views

getCurrentPrice will be return a higher value than expected due to insufficient check in isTimeValid

Lines of code Vulnerability details The Boolean value will always return true if start price is zero. The condition will be sufficiently fulfilled since a time will be set in the future but no time is set in the past or at current time: sumCurrentPrices uses the returned value of getCurrentPrice...

7AI score
Exploits0
OSV
OSV
added 2022/05/13 1:12 a.m.15 views

GHSA-6P3G-HW27-QH44 Moodle's time-validation implementation allows bypassing intended restrictions

The time-validation implementation in 1 mod/feedback/complete.php and 2 mod/feedback/completeguest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by...

4.9CVSS5.8AI score0.01536EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.20 views

Moodle's time-validation implementation allows bypassing intended restrictions

The time-validation implementation in 1 mod/feedback/complete.php and 2 mod/feedback/completeguest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by...

4.9CVSS6.8AI score0.01536EPSS
Exploits0References9Affected Software1
ThreatPost
ThreatPost
added 2020/09/11 8:28 p.m.29 views

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

Researchers have uncovered a phishing attack using a new technique: Attackers are making use of authentication APIs to validate victims’ Office 365 credentials – in real time – as they enter them into the landing page. Authentication APIs are used by apps and services running on the users’ behalf...

0.9AI score
Exploits0References7
CNVD
CNVD
added 2019/10/08 12:0 a.m.2 views

WordPress accurate-form-data-real-time-form-validation plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. accurate-form-data-real-time-form-validation is used in which a form data real-time validation plugin. A cross-site request...

6.5CVSS6.7AI score0.00846EPSS
Exploits1References1
CNVD
CNVD
added 2018/01/11 12:0 a.m.6 views

INSIDE Secure MatrixSSL Certificate Validation Vulnerability

INSIDE Secure MatrixSSL is an embedded, open source SSLv3 stack from INSIDE Secure, France, designed for small applications and devices. A security vulnerability exists in INSIDE Secure MatrixSSL version 3.7.2, which stems from the program failing to properly validate the UTCTime validity period...

5.9CVSS6.8AI score0.00485EPSS
Exploits0References1
OSV
OSV
added 2015/10/25 9:50 p.m.10 views

MGASA-2015-0413 Updated ntp packages fixes security vulnerabilities

It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that clien...

9.8CVSS6.7AI score0.81762EPSS
Exploits2References3
NVD
NVD
added 2014/03/24 2:20 p.m.19 views

CVE-2014-0127

The time-validation implementation in 1 mod/feedback/complete.php and 2 mod/feedback/completeguest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by...

4.9CVSS6AI score0.01536EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2014/03/24 2:20 p.m.19 views

CVE-2014-0127

The time-validation implementation in 1 mod/feedback/complete.php and 2 mod/feedback/completeguest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by...

4.9CVSS5.9AI score0.01536EPSS
Exploits0References4
Cvelist
Cvelist
added 2014/03/22 1:0 a.m.26 views

CVE-2014-0127

The time-validation implementation in 1 mod/feedback/complete.php and 2 mod/feedback/completeguest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by...

5.9AI score0.01536EPSS
Exploits0References3
CVE
CVE
added 2014/03/22 1:0 a.m.63 views

CVE-2014-0127

CVE-2014-0127 affects Moodle: the time-validation logic in mod/feedback/complete.php and mod/feedback/complete_guest.php allows remote authenticated users to bypass restrictions when starting a Feedback activity by selecting an unavailable time. Affected versions include Moodle through 2.3.11, 2....

4.9CVSS6AI score0.01536EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2012/09/14 6:55 p.m.22 views

Directory traversal

The tortimegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a malformed directory object, a different vulnerability than...

5CVSS6.7AI score0.02233EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2012/09/14 6:0 p.m.27 views

CVE-2012-4922

The tortimegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a malformed directory object, a different vulnerability than...

8.9AI score0.02233EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2012/09/14 6:0 p.m.33 views

CVE-2012-4922

The tortimegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a malformed directory object, a different vulnerability than...

5CVSS5.3AI score0.02233EPSS
Exploits0
Rows per page
Query Builder