Exploit Database
146,695 exploits tracked across all sources.
EnterCoin - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
JiucaiToken - Integer Overflow in mintToken Function
The mintToken function of a smart contract implementation for JiucaiToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS 7.5
node-macaddress < 0.2.9 - OS Command Injection via Unsanitized Input to exec Call
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
CVSS 9.8
symfony/twig < 2.4.4 - Server-Side Template Injection via search_key Parameter
Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it
CVSS 9.8
Rocket Coin - Integer Overflow in multiTransfer Function
An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user's balance.
CVSS 7.5
Smarty < 3.1.33 - Path Traversal via Trusted Resource Directory Bypass
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
CVSS 7.5
MP3 Coin - Integer Overflow in Distribute Function
An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user's balance.
CVSS 7.5
WeMediaChain - Memory Corruption
An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance.
CVSS 7.5
GlobeCoin - Integer Overflow in transfer_tokens_after_ICO Function
An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance.
CVSS 7.5
Malaysia coins (Xmc) - Code Injection
An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance.
CVSS 7.5
Neo Genesis Token - Buffer Overflow
An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance.
CVSS 7.5
Codiad < 2.8.4 - Remote Code Execution
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
CVSS 9.8
ZNC <1.7.1-rc1 - Privilege Escalation
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.
CVSS 6.5
Geo Mashup <1.10.4 - Info Disclosure
The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input.
CVSS 9.8
H2 <1.4.197 - Info Disclosure
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.
CVSS 6.5
Mutt <1.10.1 - Info Disclosure
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.
CVSS 9.8
Mutt < 1.10.1 and NeoMutt < 20180716 - Stack-based Buffer Overflow via Long INTERNALDATE Field
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.
CVSS 9.8
Mutt < 1.10.1 and NeoMutt < 20180716 - Denial of Service via IMAP Status Mailbox Literal Count
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size.
CVSS 9.8
Mutt < 1.10.1 and NeoMutt < 20180716 - Stack-based Buffer Overflow in imap_quote_string
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.
CVSS 9.8
Mutt < 1.10.1 and NeoMutt < 20180716 - Integer Underflow in imap_quote_string
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.
CVSS 9.8
Mutt < 1.10.1 and NeoMutt < 20180716 - OS Command Injection via IMAP Mailboxes Command
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.
CVSS 9.8
Mutt <1.10.1 - Path Traversal
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name.
CVSS 5.3
Mutt <1.10.1 - Info Disclosure
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.
CVSS 9.8
Mutt < 1.10.1 and NeoMutt < 20180716 - Remote Command Execution via IMAP Mailbox Subscription
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.
CVSS 9.8
Mutt < 1.10.1 and NeoMutt < 20180716 - Stack-based Buffer Overflow via Long RFC822.SIZE FETCH Response
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.
CVSS 9.8
By Source