| ID | CVSS | Severity | Vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 248971 | 5.9 | MEDIUM | Network | rasputinonline | rasputin_online_coin | The request_dividend function of a smart contract implementation for ROC (aka Rasputin Online Coin), an Ethereum ERC20 token, allows attackers to steal all of the contract's Ether. | NVD-CWE-noinfo | CVE-2018-10944 | 2024-11-21 12:42 | 2018-05-14 |
| 248972 | 7.8 | HIGH | Local | xpdfreader | xpdf | The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other imp… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-11033 | 2024-11-21 12:42 | 2018-05-14 |
| 248973 | 9.8 | CRITICAL | Network | gouguoyin | phprap | PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function. | CWE-89 SQL Injection | CVE-2018-11032 | 2024-11-21 12:42 | 2018-05-14 |
| 248974 | 9.8 | CRITICAL | Network | gouguoyin | phprap | application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request. | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2018-11031 | 2024-11-21 12:42 | 2018-05-14 |
| 248975 | 8.8 | HIGH | Network | pbootcms | pbootcms | An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts vi… | CWE-352 Origin Validation Error | CVE-2018-11018 | 2024-11-21 12:42 | 2018-05-14 |
| 248976 | 8.8 | HIGH | Network | libming | libming | The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-11017 | 2024-11-21 12:42 | 2018-05-14 |
| 248977 | 9.8 | CRITICAL | Network | d-link | dir-816_a2_firmware | Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code v… | CWE-787 Out-of-bounds Write | CVE-2018-11013 | 2024-11-21 12:42 | 2018-05-14 |
| 248978 | 6.1 | MEDIUM | Network | halo | halo | ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java. | CWE-79 Cross-site Scripting | CVE-2018-11012 | 2024-11-21 12:42 | 2018-05-12 |
| 248979 | 6.1 | MEDIUM | Network | halo | halo | ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java. | CWE-79 Cross-site Scripting | CVE-2018-11011 | 2024-11-21 12:42 | 2018-05-12 |
| 248980 | 8.8 | HIGH | Network | sdcms | sdcms | An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=ad… | CWE-352 Origin Validation Error | CVE-2018-11004 | 2024-11-21 12:42 | 2018-05-12 |