EUVD-2020-23290

Malware in sbrugna...

Safeguarding Election Integrity: Threat Hunting for the U.S. Elections

Safeguarding Election Integrity: Threat Hunting for the U.S. Elections By Ernesto Provecho and John Fokker · December 20, 2024 This blog was also written by Max Kersten With 2024 being a major election year globally, the stakes for election security were and remain high. More than 60 countries,...

CVE-2024-45987

Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery CSRF via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent ...

CVE-2024-45987

Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery CSRF via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent ...

CVE-2024-45987

Summary: CVE-2024-45987 affects Projectworld Online Voting System 1.0, with a CSRF vulnerability exploitable via the voter.php endpoint. An attacker can craft a malicious link that, when clicked by an authenticated user, submits a vote for a chosen party without user consent, abusing the user’s a...

BIT-MEDIAWIKI-2020-35624

An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote list contains a full vote timestamp, which may provide unintended clues about how a voting process unfolded...

SecurityCouncilMemberElectionGovernor propose() function is not properly restricted

Lines of code Vulnerability details summary The propose function in the SecurityCouncilMemberElectionGovernor contract is not properly restricted. This means that any user can call it, including attackers. Description The propose function in the SecurityCouncilMemberElectionGovernor contract is...

The code uses arithmetic operations without explicitly checking for possible overflows or underflows

Lines of code Vulnerability details Impact The impact of the Integer Overflow/Underflow vulnerability can be summarized as follows: Data Inaccuracy: The vulnerability can lead to incorrect calculations and inaccurate data, potentially compromising the integrity of voting processes and other...

User may force fail the action from the DAO:execute

Lines of code Vulnerability details Description The execute function from the DAO.sol contract allow to execution of any call to any address if the caller has appropriate permission. Some calls are expected to be always successfully executed, and some may revert and execute will continue the...

User Votes will stuck

Lines of code Vulnerability details Impact Due to insufficient checks User will not be able to withdraw there Votes after a non successful proposal. 1. The effect could be permanent if majority vote holders participated in the proposal, such that new proposal can't be created due to noone having...

MISSING INPUT CKECK WHEN SETTING NEW **QuorumCoefficient**

Lines of code Vulnerability details Impact In the setQuorumCoefficient , setDynamicQuorumParams functions when the admin sets a new QuorumCoefficient, there is no check on the newQuorumCoefficient parameter which means that a wrong QuorumCoefficient could be set either being very big or very smal...

CVE-2020-35624

An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote list contains a full vote timestamp, which may provide unintended clues about how a voting process unfolded...

Design/Logic Flaw

An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote list contains a full vote timestamp, which may provide unintended clues about how a voting process unfolded...

2020 Was a Secure Election

Over at Lawfare: "2020 Is An Election Security Success Story So Far." What’s more, the voting itself was remarkably smooth. It was only a few months ago that professionals and analysts who monitor election administration were alarmed at how badly unprepared the country was for voting during a...