|
247281
|
7.5 |
HIGH
Network
|
sp8de
|
sp8de_presale_token
|
SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-13127
|
2024-11-21 12:46 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247282
|
7.5 |
HIGH
Network
|
moxy
|
moxyonepresale
|
MoxyOnePresale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-13126
|
2024-11-21 12:46 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247283
|
9.8 |
CRITICAL
Network
|
onefilecms
|
onefilecms
|
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=raw_view for the /etc/passwd file.
|
CWE-200
Information Exposure
|
CVE-2018-13123
|
2024-11-21 12:46 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247284
|
6.5 |
MEDIUM
Network
|
onefilecms
|
onefilecms
|
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-13122
|
2024-11-21 12:46 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247285
|
5.5 |
MEDIUM
Local
|
realnetworks
|
realone_player
|
RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-13121
|
2024-11-21 12:46 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247286
|
9.8 |
CRITICAL
Network
|
zzcms
|
zzcms
|
/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table.
|
CWE-89
SQL Injection
|
CVE-2018-13116
|
2024-11-21 12:46 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247287
|
7.5 |
HIGH
Network
|
easy_trading_token_project
|
easy_trading_token
|
The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-13113
|
2024-11-21 12:46 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247288
|
7.5 |
HIGH
Network
|
broadcom
|
tcpreplay
|
get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcp…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-13112
|
2024-11-21 12:46 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247289
|
4.8 |
MEDIUM
Network
|
clippercms
|
clippercms
|
ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-13106
|
2024-11-21 12:46 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247290
|
7.8 |
HIGH
Local
|
anydesk
|
anydesk
|
AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability.
|
CWE-426
Untrusted Search Path
|
CVE-2018-13102
|
2024-11-21 12:46 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
