| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The mintToken function of a smart contract implementation for Ethereum Cash Pro (ECP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party. |
| The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party. |
| The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts. |
| The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. |
| Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. |
| An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server. |
| BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI. |
| Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI. |
| Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI. |
| WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges. |
| qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket. |
