Monthly Archive: July 2018

The mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to...

The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to...

In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c. Date published : 2018-07-04 http://www.securityfocus.com/bid/104687 https://github.com/ImageMagick/ImageMagick/issues/1195

The mintToken, buy, and sell functions of a smart contract implementation for LEF, an Ethereum token, have an integer overflow. Date published : 2018-07-04 https://github.com/safecomet/EtherTokens/blob/master/LEF%20%28LEF%29/LEF%20%28LEF%29.md

The mintToken function of a smart contract implementation for JavaSwapTest (JST), an Ethereum token, has an integer overflow. Date published : 2018-07-04 https://github.com/safecomet/EtherTokens/blob/master/JavaSwapTest%20%28JST%29/JavaSwapTest%20%28JST%29.md

The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. Date published : 2018-07-04 https://github.com/safecomet/EtherTokens/blob/master/Pandora%20%28PDX%29/Pandora%20%28PDX%29.md

A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The...

The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. Date published : 2018-07-04 https://github.com/ultimatemember/ultimatemember/issues/456 https://github.com/ultimatemember/ultimatemember/releases/tag/2.0.18

TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI. Date published : 2018-07-04 https://www.exploit-db.com/exploits/45970/ https://www.xc0re.net/2018/05/25/tp-link-wireless-router-archer-c1200-cross-site-scripting/

Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated with the installation process on Windows. Date published : 2018-07-04 https://fortiguard.com/zeroday/FG-VD-18-049 https://www.goldenfrog.com/blog/vyprvpn-secured-installation-vulnerability

The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers...

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web...

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web...

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web...