|
246601
|
5.5 |
MEDIUM
Local
|
radare
|
radare2
|
The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Cra…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-14016
|
2024-11-21 12:48 |
2018-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246602
|
5.5 |
MEDIUM
Local
|
radare
|
radare2
|
The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input valid…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-14015
|
2024-11-21 12:48 |
2018-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246603
|
8.8 |
HIGH
Network
|
super_cms_project
|
super_cms
|
In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd.
|
CWE-352
Origin Validation Error
|
CVE-2018-14014
|
2024-11-21 12:48 |
2018-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246604
|
9.8 |
CRITICAL
Network
|
wolfsight
|
wolfsight_cms
|
WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI.
|
CWE-89
SQL Injection
|
CVE-2018-14012
|
2024-11-21 12:48 |
2018-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246605
|
6.5 |
MEDIUM
Network
|
gnu
|
mailman
|
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
|
CWE-20
Improper Input Validation
|
CVE-2018-13796
|
2024-11-21 12:48 |
2018-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246606
|
9.8 |
CRITICAL
Network
|
codiad
|
codiad
|
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
|
CWE-20
Improper Input Validation
|
CVE-2018-14009
|
2024-11-21 12:48 |
2018-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246607
|
7.5 |
HIGH
Network
|
ngtoken_project
|
ngtoken
|
An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-14006
|
2024-11-21 12:48 |
2018-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246608
|
7.5 |
HIGH
Network
|
malaysiancoin_project
|
malaysiancoin
|
An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-14005
|
2024-11-21 12:48 |
2018-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246609
|
7.5 |
HIGH
Network
|
globecoin_project
|
globecoin
|
An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-14004
|
2024-11-21 12:48 |
2018-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246610
|
9.8 |
CRITICAL
Network
|
mutt
neomutt
canonical
debian
redhat
|
mutt
neomutt
ubuntu_linux
debian_linux
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_server_eus
enterprise_linux_server_tus
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command as…
|
CWE-78
OS Command
|
CVE-2018-14357
|
2024-11-21 12:48 |
2018-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
