Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
logic flaw vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-35133
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and previous versions unsupported versions.
Moodle Moodle 4.2.0
Moodle Moodle
7.5
CVSSv3
CVE-2020-21503
waimai Super Cms 20150505 has a logic flaw allowing malicious users to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free.
Waimai Super Cms Project Waimai Super Cms 20150505
5.3
CVSSv3
CVE-2018-16157
waimai Super Cms 20150505 has a logic flaw allowing malicious users to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=cart&a=save item_totals parameter to zero, the entire cart is sold for free.
Bijiadao Waimai Super Cms 20150505
8.8
CVSSv3
CVE-2012-3462
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.
Fedoraproject Sssd 1.9.0
4.6
CVSSv3
CVE-2018-3891
An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw, resulting in a firmware downgrade. An attacker can insert an SD card to trigger this vulnerability.
Yitechnology Yi Home Camera Firmware 1.8.7.0d
6.8
CVSSv3
CVE-2018-3890
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerabi...
Yitechnology Yi Home Camera Firmware 1.8.7.0d
6.8
CVSSv3
CVE-2023-46446
An issue in AsyncSSH prior to 2.14.1 allows malicious users to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
Asyncssh Project Asyncssh
1 Github repository
1 Article
7.5
CVSSv3
CVE-2018-16789
libhttp/url.c in shellinabox up to and including 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resource...
Shellinabox Project Shellinabox
5.3
CVSSv3
CVE-2016-2169
Cloud Foundry Cloud Controller, capi-release versions before 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for t...
Cloudfoundry Capi-release
Cloudfoundry Cf-release
7.8
CVSSv3
CVE-2020-6070
An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigg...
F2fs-tools Project F2fs-tools 1.12.0
Fedoraproject Fedora 33
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744
privilege escalation
CVE-2024-30253
CVE-2024-3914
cross-site scripting
CVE-2024-31497
CVE-2024-3400
CVE-2024-32341
hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »