CVE-2018-10944
The request_dividend function of a smart contract implementation for ROC (aka Rasputin Online Coin), an Ethereum ERC20 token, allows attackers to steal all of the contract’s Ether.
Source: CVE-2018-10944
[월:] 2018년 05월
CVE-2018-11031
CVE-2018-11031
application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request.
Source: CVE-2018-11031
CVE-2018-11033
CVE-2018-11033
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.
Source: CVE-2018-11033
CVE-2018-11032
CVE-2018-11032
PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function.
Source: CVE-2018-11032
CVE-2018-11018
CVE-2018-11018
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.
Source: CVE-2018-11018
CVE-2018-11017
CVE-2018-11017
The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
Source: CVE-2018-11017
CVE-2018-10678
CVE-2018-10678
MyBB 1.8.15, when accessed with Microsoft Edge, mishandles ‘target="_blank" rel="noopener"’ in A elements, which makes it easier for remote attackers to conduct redirection attacks.
Source: CVE-2018-10678
CVE-2018-11013
CVE-2018-11013
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.
Source: CVE-2018-11013
CVE-2018-10998
CVE-2018-10998
An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.
Source: CVE-2018-10998
CVE-2018-10999
CVE-2018-10999
An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read.
Source: CVE-2018-10999