146 matches found
recoverEther not updating currentWithheldETH breaks calculation of withheld amount for further deposits
Lines of code Vulnerability details The emergency exit function recoverEther allows the owner to retrieve the ETH in case an issue were to happen. The problem is that this function does not update currentWithheldETH. This means upon deposit starting again after the emergency recovery,...
withheld_amt calculation is done after minting frxETHToken tokens
Lines of code Vulnerability details Proof of concept The submit method in frxETHMinter.sol has the following code // Give the sender frxETH frxETHToken.mintermintrecipient, msg.value; // Track the amount of ETH that we are keeping uint256 withheldamt = 0; if withholdRatio != 0 withheldamt =...
Admin rug vector in moveWithheldETH()
Lines of code Vulnerability details According to the documentation, currentWithheldETH is meant to: withhold part of the ETH deposit for future use, such as to earn yield in other places to supplement the ETH 2.0 staking yield The issue is that the owner can call moveWithheldETH with an arbitrary...
m.x42n6u.cyou Cross Site Scripting vulnerability OBB-2863012
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
karo.umk.pl Cross Site Scripting vulnerability OBB-2847877
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
adconfection.fr Cross Site Scripting vulnerability OBB-2836730
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
rsquaremedia.com Cross Site Scripting vulnerability OBB-2745784
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ghostmarketing.co.uk Cross Site Scripting vulnerability OBB-2739614
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
edinburghcastleapartments.com Cross Site Scripting vulnerability OBB-2738311
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
radare2 缓冲区错误漏洞
radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in radare2 that stems from an error that causes the program to read more data than is expected at the end of a buffer. No details of the vulnerability are provided at this time...
rataboutique.com Cross Site Scripting vulnerability OBB-2493985
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
urang.it Cross Site Scripting vulnerability OBB-2380523
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
circuitdigest.com Cross Site Scripting vulnerability OBB-2163395
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
gamemeca.com Cross Site Scripting vulnerability OBB-2152291
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
salzburgtours.at Cross Site Scripting vulnerability OBB-2147238
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
school-collection.edu.ru Cross Site Scripting vulnerability OBB-2142986
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
offer.com.cy Cross Site Scripting vulnerability OBB-2128813
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Samsung Bixby Voice 安全漏洞
Samsung Bixby Voice is an application from the South Korean company Samsung. It provides a voice recognition function. Bixby Voice suffers from a security vulnerability that allows an attacker to perform privileged actions by hijacking and modifying the intent. No details of the vulnerability are...
treadmill.site123.me Cross Site Scripting vulnerability OBB-1480224
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
blog.urbanfile.org Improper Access Control vulnerability OBB-1471579
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...