|
246341
|
7.5 |
HIGH
Network
|
bitcoinknots
bitcoin
|
bitcoin_knots
bitcoin_core
|
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitabl…
|
NVD-CWE-noinfo
|
CVE-2018-17144
|
2024-11-21 12:53 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246342
|
9.8 |
CRITICAL
Network
|
coinlancer
|
coinlancer
|
The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use …
|
NVD-CWE-noinfo
|
CVE-2018-17111
|
2024-11-21 12:53 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246343
|
7.5 |
HIGH
Network
|
lucky9
|
lucky9io
|
The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. This variab…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2018-17071
|
2024-11-21 12:53 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246344
|
7.5 |
HIGH
Network
|
monstra
|
monstra
|
admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests.
|
CWE-22
Path Traversal
|
CVE-2018-16820
|
2024-11-21 12:53 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246345
|
4.9 |
MEDIUM
Network
|
monstra
|
monstra
|
admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests.
|
CWE-22
Path Traversal
|
CVE-2018-16819
|
2024-11-21 12:53 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246346
|
8.6 |
HIGH
Network
|
microsoft
|
active_directory_federation_services
|
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-16794
|
2024-11-21 12:53 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246347
|
5.3 |
MEDIUM
Network
|
circontrol
|
circarlife_scada
|
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.
|
CWE-200
Information Exposure
|
CVE-2018-16671
|
2024-11-21 12:53 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246348
|
5.3 |
MEDIUM
Network
|
circontrol
|
circarlife_scada
|
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
|
CWE-287
Improper Authentication
|
CVE-2018-16670
|
2024-11-21 12:53 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246349
|
9.8 |
CRITICAL
Network
|
circontrol
|
open_charge_point_protocol
|
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileg…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-16669
|
2024-11-21 12:53 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246350
|
5.3 |
MEDIUM
Network
|
circontrol
|
circarlife_scada
|
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.
|
CWE-287
Improper Authentication
|
CVE-2018-16668
|
2024-11-21 12:53 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
