CVE-2012-2096

The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter...

[M-02] BondingVotes.getPastVotes(): User can easily manipulate voting power for round

Lines of code Vulnerability details Impact User can take a collaterized loan of LPT and bond for a single round to gain voting power for a single round and vote on proposals. This is because when voting, only the single round is checked when retrieving the voting power via...

Bypass Vote Flipping Time Addition

Handle kirk-baird Vulnerability details Impact It is possible to bypass the additional 2hrs added to the length of voting when the vote flips from positive to negative or vice versa. This can be done by breaking the vote into two steps first sending enough fate to make the proposal zero. Then...

[Full-disclosure] [scip_Advisory] e107 v0.6 rate.php manipulation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 e107 v0.6 rate.php voting manipulation and forwarding vulnerability scip AG Vulnerability Advisory 11/10/2005 http://www.scip.ch I. INTRODUCTION e107 is the name of an open-source content management system cms that relies on php and sql. More...