Monthly Archive: July 2018

WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI. Date published : 2018-07-12 https://www.exploit-db.com/exploits/44997/

Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689. Date published : 2018-07-12 http://packetstormsecurity.com/files/161944/Codiad-2.8.4-Remote-Code-Execution.html https://github.com/Codiad/Codiad/issues/1078

An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user’s balance. Date published : 2018-07-12 https://github.com/VenusADLab/EtherTokens/blob/master/SHARKTECH/SHARKTECH.md...

An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user’s balance. Date published : 2018-07-12 https://github.com/VenusADLab/EtherTokens/blob/master/SHARKTECH/SHARKTECH.md https://github.com/VenusADLab/EtherTokens/tree/master/Malaysia%20coins%28Xmc%29

An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user’s balance. Date published : 2018-07-12 https://github.com/VenusADLab/EtherTokens/blob/master/SHARKTECH/SHARKTECH.md https://github.com/VenusADLab/EtherTokens/tree/master/GlobeCoin%28GLB%29

An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user’s balance. Date published : 2018-07-12 https://github.com/VenusADLab/EtherTokens/blob/master/SHARKTECH/SHARKTECH.md https://github.com/VenusADLab/EtherTokens/tree/master/WeMediaChain%28WMC%29

An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user’s balance. Date published : 2018-07-12 https://github.com/VenusADLab/EtherTokens/blob/master/SHARKTECH/SHARKTECH.md https://github.com/VenusADLab/EtherTokens/tree/master/MP3%20Coin%28MP3%29

An integer overflow vulnerability exists in the function batchTransfer of SHARKTECH (SKT), an Ethereum token smart contract. An attacker could use it to set any user’s balance. Date published : 2018-07-12 https://github.com/VenusADLab/EtherTokens/blob/master/SHARKTECH/SHARKTECH.md

Catfish CMS v4.7.9 allows XSS via the admin/Index/write.html editorValue parameter (aka an article posted by an administrator). Date published : 2018-07-12 https://github.com/xwlrbh/Catfish/issues/2

ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users. Date published : 2018-07-12 https://github.com/ClipperCMS/ClipperCMS/issues/491

Genann through 2018-07-08 has a SEGV in genann_run in genann.c. Date published : 2018-07-12 https://github.com/codeplea/genann/issues/24#issuecomment-404429236

Genann through 2018-07-08 has a stack-based buffer over-read in genann_train in genann.c. Date published : 2018-07-12 https://github.com/codeplea/genann/issues/24#issue-340516591

An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user’s balance. Date published : 2018-07-12 https://github.com/VenusADLab/EtherTokens/blob/master/SHARKTECH/SHARKTECH.md https://github.com/VenusADLab/EtherTokens/tree/master/Rocket%20Coin%28XRC%29

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. Date published : 2018-07-12 https://bugs.launchpad.net/mailman/+bug/1780874 https://security.gentoo.org/glsa/201904-10