Lucene search
K

53 matches found

Veracode
Veracode
added 2022/02/16 11:15 a.m.20 views

Open Redirect

microweber is vulnerable to open redirect. An attacker is able to avert a user to a malicious website via an extra slash '/' through the logout function in the UserManager...

6.1CVSS3.8AI score0.03019EPSS
Exploits1References3Affected Software1
Code423n4
Code423n4
added 2021/10/20 12:0 a.m.11 views

UserManager: updateLockedData() doesn't check that the amount is actually locked.

Handle itsmeSTYJ Vulnerability details Impact The function updateLockedData does not actually check if the amount required to be locked is actually locked. Proof of Concept Same solution as my other high issue. I've added comments where relevant. function updateLockedData address borrower, uint25...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/10/20 12:0 a.m.6 views

UserManager: debtWriteOff() function doesn't update state in comptroller

Handle itsmeSTYJ Vulnerability details Thoughts The debtWriteOff function calls updateTotalFrozen instead of updateTotalFrozen. It is not clear if the comptroller's state should also be updated if totalStaked is modified which it is when you write debt off. If it is then updateTotalFrozen should ...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/10/20 12:0 a.m.7 views

Wrong implementation of CreditLimitByMedian.sol#getLockedAmount() will lock a much bigger total amount of staked tokens than expected

Handle WatchPug Vulnerability details function getLockedAmount LockedInfo memory array, address account, uint256 amount, bool isIncrease public pure override returns uint256 if array.length == 0 return 0; uint256 newLockedAmount; if isIncrease for uint256 i = 0; i arrayi.lockedAmount...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/10/20 12:0 a.m.6 views

UserManager: totalStaked ≥ totalFrozen should be checked before and after totalFrozen is updated

Handle itsmeSTYJ Vulnerability details Impact The require statement in updateTotalFrozen and batchUpdateTotalFrozen to check that totalStaked ≥ totalFrozen should be done both before and after updateTotalFrozen is called to ensure that totalStake is still ≥ totalFrozen. This will serve as a sanit...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/10/20 12:0 a.m.11 views

Wrong implementation of CreditLimitByMedian.sol#getLockedAmount() makes it unable to unlock lockedAmount in CreditLimitByMedian model

Handle WatchPug Vulnerability details function getLockedAmount LockedInfo memory array, address account, uint256 amount, bool isIncrease public pure override returns uint256 if array.length == 0 return 0; uint256 newLockedAmount; if isIncrease ... else for uint256 i = 0; i amount newLockedAmount ...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/10/20 12:0 a.m.9 views

Wrong calculation of FrozenCoinAge

Handle WatchPug Vulnerability details The current implementation of Comptroller.soladdFrozenCoinAge and UserManager.solgetFrozenCoinAge, the duration of overdue time is calculated based on the block number of lastRepay and the current block number. However, since the borrower may have never repai...

6.9AI score
Exploits0
NVD
NVD
added 2020/12/26 8:15 p.m.21 views

CVE-2020-35245

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser...

9.8CVSS9.8AI score0.01145EPSS
Exploits1References1
NVD
NVD
added 2020/12/26 8:15 p.m.18 views

CVE-2020-35243

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb...

9.8CVSS9.8AI score0.01145EPSS
Exploits1References1
NVD
NVD
added 2020/12/26 8:15 p.m.23 views

CVE-2020-35242

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory...

9.8CVSS9.8AI score0.01145EPSS
Exploits1References1
OSV
OSV
added 2020/12/26 8:15 p.m.2 views

CVE-2020-35242

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory...

9.8CVSS7.3AI score0.01145EPSS
Exploits1References1
NVD
NVD
added 2020/12/26 8:15 p.m.27 views

CVE-2020-35244

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup...

9.8CVSS9.8AI score0.01145EPSS
Exploits1References1
Prion
Prion
added 2020/12/26 8:15 p.m.17 views

Sql injection

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory...

7.5CVSS9.7AI score0.01145EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/12/26 8:15 p.m.16 views

Sql injection

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb...

7.5CVSS9.7AI score0.01145EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/12/26 8:15 p.m.16 views

Sql injection

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser...

7.5CVSS9.7AI score0.01145EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/12/26 8:15 p.m.9 views

Sql injection

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup...

7.5CVSS9.7AI score0.01145EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/12/26 7:16 p.m.30 views

CVE-2020-35245

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser...

9.8AI score0.01145EPSS
Exploits1References1
CVE
CVE
added 2020/12/26 7:16 p.m.57 views

CVE-2020-35245

CVE-2020-35245 affects Flamingo (FlamingoIM) up to 2020-09-29 with a SQL injection vulnerability in UserManager::addUser. Documented risk scores: CVSS2 base 7.5 (HIGH) and CVSS3.1 base 9.8 (CRITICAL). Exploit details are not provided in the connected documents; no remediation or patch version is ...

9.8CVSS9.7AI score0.01145EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/12/26 7:15 p.m.51 views

CVE-2020-35244

The CVE-2020-35244 entry identifies Flamingo (aka FlamingoIM) as affected through 2020-09-29 due to a SQL injection in UserManager::addGroup. The connected records confirm the component and the underlying flaw (SQL injection), but do not provide a concrete list of affected versions, affected conf...

9.8CVSS9.7AI score0.01145EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/12/26 7:15 p.m.37 views

CVE-2020-35244

Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup...

9.8AI score0.01145EPSS
Exploits1References1
Rows per page
Query Builder