| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 12601 | CVE-2018-13085 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12602 | CVE-2018-13084 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12603 | CVE-2018-13083 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12604 | CVE-2018-13082 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12605 | CVE-2018-13081 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12606 | CVE-2018-13080 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12607 | CVE-2018-13079 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12608 | CVE-2018-13078 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12609 | CVE-2018-13077 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12610 | CVE-2018-13076 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12611 | CVE-2018-13075 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12612 | CVE-2018-13074 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12613 | CVE-2018-13073 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12614 | CVE-2018-13072 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12615 | CVE-2018-13071 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12616 | CVE-2018-13070 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12617 | CVE-2018-13069 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12618 | CVE-2018-13068 | 190 | | Overflow | 2018-07-02 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12619 | CVE-2018-13067 | 352 | | CSRF | 2018-07-02 | 2018-09-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | /upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password. |
| 12620 | CVE-2018-13066 | 772 | | DoS | 2018-07-02 | 2019-10-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | There is a memory leak in util/parser.c in libming 0.4.8, which will lead to a denial of service via parseSWF_DEFINEBUTTON2, parseSWF_DEFINEFONT, parseSWF_DEFINEFONTINFO, parseSWF_DEFINELOSSLESS, parseSWF_DEFINESPRITE, parseSWF_DEFINETEXT, parseSWF_DOACTION, parseSWF_FILLSTYLEARRAY, parseSWF_FRAMELABEL, parseSWF_LINESTYLEARRAY, parseSWF_PLACEOBJECT2, or parseSWF_SHAPEWITHSTYLE. |
| 12621 | CVE-2018-13065 | 79 | | XSS | 2018-07-03 | 2018-09-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | ** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured. |
| 12622 | CVE-2018-13056 | 20 | | | 2018-07-02 | 2018-09-04 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. This can be leveraged for database access by deleting install.lock. |
| 12623 | CVE-2018-13055 | 79 | | XSS | 2018-08-03 | 2018-10-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. |
| 12624 | CVE-2018-13054 | 59 | | | 2018-07-02 | 2018-09-04 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial | An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content. |
| 12625 | CVE-2018-13052 | | | | 2018-07-05 | 2019-10-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin. |
| 12626 | CVE-2018-13050 | 89 | | Sql | 2018-07-02 | 2018-08-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. |
| 12627 | CVE-2018-13049 | 89 | | Sql | 2018-07-02 | 2018-08-30 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php. |
| 12628 | CVE-2018-13045 | 89 | | Exec Code Sql | 2019-01-02 | 2019-01-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbitrary SQL commands via the "id" parameter. |
| 12629 | CVE-2018-13043 | 94 | | Exec Code | 2018-07-01 | 2019-08-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. |
| 12630 | CVE-2018-13042 | 20 | | DoS | 2018-10-05 | 2019-04-17 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance. |
| 12631 | CVE-2018-13041 | 190 | | Overflow | 2018-07-01 | 2018-08-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| 12632 | CVE-2018-13040 | 352 | | CSRF | 2018-07-01 | 2018-08-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI. |
| 12633 | CVE-2018-13039 | 79 | | XSS | 2018-07-01 | 2018-08-31 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the cari parameter, aka an index.php/first?cari= URI. |
| 12634 | CVE-2018-13038 | 434 | | | 2018-07-01 | 2018-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type. |
| 12635 | CVE-2018-13037 | 119 | | DoS Overflow | 2018-07-01 | 2018-08-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in jpeg-compressor 0.1. The bmp_load function in stb_image.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact. |
| 12636 | CVE-2018-13034 | 22 | | Dir. Trav. | 2018-07-09 | 2018-08-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via "..%f" sequences. |
| 12637 | CVE-2018-13033 | 770 | | DoS | 2018-07-01 | 2019-10-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm. |
| 12638 | CVE-2018-13032 | 352 | | CSRF | 2018-07-01 | 2018-08-31 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI. |
| 12639 | CVE-2018-13031 | 352 | | CSRF | 2018-07-05 | 2018-08-27 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account. |
| 12640 | CVE-2018-13030 | 119 | | DoS Overflow | 2018-06-30 | 2018-08-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in jpeg-compressor 0.1. The build_huffman function in stb_image.c allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact. |
| 12641 | CVE-2018-13026 | 125 | | | 2018-06-30 | 2019-10-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Type. |
| 12642 | CVE-2018-13025 | 732 | | | 2018-06-29 | 2019-10-02 | 5.5 | None | Remote | Low | Single system | None | Partial | Partial | protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter. |
| 12643 | CVE-2018-13024 | 434 | | Exec Code | 2018-06-29 | 2018-08-24 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. |
| 12644 | CVE-2018-13023 | 78 | | Exec Code | 2018-11-27 | 2019-10-02 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | System command injection vulnerability in wifi_access in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute system commands via the "timeout" URL parameter. |
| 12645 | CVE-2018-13022 | 79 | | XSS | 2018-11-27 | 2018-12-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path. |
| 12646 | CVE-2018-13021 | 434 | | Exec Code | 2018-06-29 | 2018-08-21 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI. |
| 12647 | CVE-2018-13013 | 754 | | Exec Code Bypass | 2018-06-29 | 2019-10-02 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Improper check of unusual conditions when launching msiexec.exe in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.9 allows the local attacker to bypass a code-signing protection mechanism and install/execute an unauthorized program by modifying the system configuration and installing a forged MSI file. (The intended behavior is that the component SysWatch does not allow installation of MSI files unless they are signed by a limited list of certificates.) |
| 12648 | CVE-2018-13012 | 494 | | Exec Code | 2018-06-29 | 2019-10-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows the remote attacker to execute unauthorized code by substituting a forged update server. |
| 12649 | CVE-2018-13011 | 125 | | | 2018-06-29 | 2018-08-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Validate. |
| 12650 | CVE-2018-13010 | 352 | | CSRF | 2018-06-29 | 2018-08-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. |