53 matches found
Open Redirect
microweber is vulnerable to open redirect. An attacker is able to avert a user to a malicious website via an extra slash '/' through the logout function in the UserManager...
UserManager: updateLockedData() doesn't check that the amount is actually locked.
Handle itsmeSTYJ Vulnerability details Impact The function updateLockedData does not actually check if the amount required to be locked is actually locked. Proof of Concept Same solution as my other high issue. I've added comments where relevant. function updateLockedData address borrower, uint25...
UserManager: debtWriteOff() function doesn't update state in comptroller
Handle itsmeSTYJ Vulnerability details Thoughts The debtWriteOff function calls updateTotalFrozen instead of updateTotalFrozen. It is not clear if the comptroller's state should also be updated if totalStaked is modified which it is when you write debt off. If it is then updateTotalFrozen should ...
Wrong implementation of CreditLimitByMedian.sol#getLockedAmount() will lock a much bigger total amount of staked tokens than expected
Handle WatchPug Vulnerability details function getLockedAmount LockedInfo memory array, address account, uint256 amount, bool isIncrease public pure override returns uint256 if array.length == 0 return 0; uint256 newLockedAmount; if isIncrease for uint256 i = 0; i arrayi.lockedAmount...
UserManager: totalStaked ≥ totalFrozen should be checked before and after totalFrozen is updated
Handle itsmeSTYJ Vulnerability details Impact The require statement in updateTotalFrozen and batchUpdateTotalFrozen to check that totalStaked ≥ totalFrozen should be done both before and after updateTotalFrozen is called to ensure that totalStake is still ≥ totalFrozen. This will serve as a sanit...
Wrong implementation of CreditLimitByMedian.sol#getLockedAmount() makes it unable to unlock lockedAmount in CreditLimitByMedian model
Handle WatchPug Vulnerability details function getLockedAmount LockedInfo memory array, address account, uint256 amount, bool isIncrease public pure override returns uint256 if array.length == 0 return 0; uint256 newLockedAmount; if isIncrease ... else for uint256 i = 0; i amount newLockedAmount ...
Wrong calculation of FrozenCoinAge
Handle WatchPug Vulnerability details The current implementation of Comptroller.soladdFrozenCoinAge and UserManager.solgetFrozenCoinAge, the duration of overdue time is calculated based on the block number of lastRepay and the current block number. However, since the borrower may have never repai...
CVE-2020-35245
Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser...
CVE-2020-35243
Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb...
CVE-2020-35242
Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory...
CVE-2020-35242
Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory...
CVE-2020-35244
Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup...
Sql injection
Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory...
Sql injection
Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb...
Sql injection
Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser...
Sql injection
Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup...
CVE-2020-35245
Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser...
CVE-2020-35245
CVE-2020-35245 affects Flamingo (FlamingoIM) up to 2020-09-29 with a SQL injection vulnerability in UserManager::addUser. Documented risk scores: CVSS2 base 7.5 (HIGH) and CVSS3.1 base 9.8 (CRITICAL). Exploit details are not provided in the connected documents; no remediation or patch version is ...
CVE-2020-35244
The CVE-2020-35244 entry identifies Flamingo (aka FlamingoIM) as affected through 2020-09-29 due to a SQL injection in UserManager::addGroup. The connected records confirm the component and the underlying flaw (SQL injection), but do not provide a concrete list of affected versions, affected conf...
CVE-2020-35244
Flamingo aka FlamingoIM through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup...