Total: 322781 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2018-12068 | 1 Tgtcoins | 1 Target Coin | 2024-11-21 | N/A | The sell function of a smart contract implementation for Target Coin (TGT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. |
| CVE-2018-12067 | 1 Substratum | 1 Substratum | 2024-11-21 | N/A | The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. |
| CVE-2018-12066 | 1 Bird Project | 1 Bird | 2024-11-21 | N/A | BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc. |
| CVE-2018-12065 | 1 Creatiwity | 1 Witycms | 2024-11-21 | N/A | A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by replacing a helper.json file. |
| CVE-2018-12064 | 1 Tinyexr Project | 1 Tinyexr | 2024-11-21 | N/A | tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChannelInfo in tinyexr.h. |
| CVE-2018-12063 | 1 Intchain | 1 Node Token | 2024-11-21 | N/A | The sell function of a smart contract implementation for Internet Node Token (INT), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. |
| CVE-2018-12062 | 1 Swft | 1 Swftcoin | 2024-11-21 | N/A | The sell function of a smart contract implementation for SwftCoin (SWFTC), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the "tradeTrap" issue. |
| CVE-2018-12056 | 1 All-for-one | 1 All For One | 2024-11-21 | N/A | The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards. |
| CVE-2018-12055 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2024-11-21 | N/A | Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on. |
| CVE-2018-12054 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2024-11-21 | N/A | Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal. |
| CVE-2018-12053 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2024-11-21 | N/A | Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal. |
| CVE-2018-12052 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2024-11-21 | N/A | SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php. |
| CVE-2018-12051 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2024-11-21 | N/A | Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type. |
| CVE-2018-12049 | 1 Canon | 2 Lbp6030w, Lbp6030w Firmware | 2024-11-21 | N/A | A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation |
| CVE-2018-12048 | 1 Canon | 2 Lbp7110cw, Lbp7110cw Firmware | 2024-11-21 | N/A | A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation |
| CVE-2018-12047 | 1 Ximdex | 1 Ximdex | 2024-11-21 | N/A | xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12. |
| CVE-2018-12046 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file. |
| CVE-2018-12045 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file. |
| CVE-2018-12043 | 1 Getsymphony | 1 Symphony | 2024-11-21 | N/A | content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page. |
| CVE-2018-12042 | 1 Roxyfileman | 1 Roxy Fileman | 2024-11-21 | N/A | Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter. |