Writeup Exploits

62,890 exploits tracked across all sources.

CVE-2018-13768 WRITEUP HIGH
ZToken - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for ZToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13769 WRITEUP HIGH
JeansToken - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for JeansToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13770 WRITEUP HIGH
UltimateCoin - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for UltimateCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13771 WRITEUP HIGH
ExacoreContract - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for ExacoreContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13772 WRITEUP HIGH
TheFlashToken - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for TheFlashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13773 WRITEUP HIGH
NetkillerToken - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for Enterprise Token Ecosystem (ETE) (Contract Name: NetkillerToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13774 WRITEUP HIGH
Bitstarti - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for Bitstarti, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13775 WRITEUP HIGH
RCKT_Coin - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for RCKT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13776 WRITEUP HIGH
AppleToken - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for AppleToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13777 WRITEUP HIGH
RRToken - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for RRToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13778 WRITEUP HIGH
CGCToken - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for CGCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13779 WRITEUP HIGH
YLCToken - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13780 WRITEUP HIGH
esh - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for ESH, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13781 WRITEUP HIGH
MyYLCToken - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
CVE-2018-13982 WRITEUP HIGH
Smarty < 3.1.33 - Path Traversal via Trusted Resource Directory Bypass
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
CVSS 7.5
CVE-2018-14469 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in IKEv1 Parser
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
CVSS 7.5
CVE-2018-14847 WRITEUP CRITICAL
MikroTik RouterOS < 6.42 - Path Traversal
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
CVSS 9.1
CVE-2018-14879 WRITEUP HIGH
tcpdump < 4.9.3 - Buffer Overflow
The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().
CVSS 7.0
CVE-2018-14880 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in OSPFv3 Parser
The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
CVSS 7.5
CVE-2018-14881 WRITEUP HIGH
tcpdump < 4.9.3 - Out-of-bounds Read in BGP Parser
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).
CVSS 7.5
CVE-2018-15120 WRITEUP MEDIUM
Pango 1.40.8-1.42.3 - Denial of Service via Invalid Unicode Sequences
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
CVSS 6.5
CVE-2018-15585 WRITEUP MEDIUM
GNUBOARD5 < 5.3.1.6 - Cross-Site Scripting via Popup Title Parameter
Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter.
CVSS 6.1
CVE-2018-16586 WRITEUP MEDIUM
Open Ticket Request System 4.0.0-4.0.31 - Cross-Site Request Forgery via Malicious Email
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources.
CVSS 4.3
CVE-2018-16587 WRITEUP MEDIUM
Open Ticket Request System 4.0.0-4.0.31 - Arbitrary File Deletion via Malicious Email
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to.
CVSS 6.5