CVE-2018-12975
The random function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable which can be read with a getStorageAt call. Therefore, attackers can...
Lone Wolf loadingDOCS Insecure Permissions
EZMAX SECURITY ADVISORY https://www.ezmax.ca/ Product: Loading Docs Vendor: Lone Wolf Technologies http://www.lwolf.com CVE ID: CVE-2018-15502 NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-15502 Subject: Insecure permissions allow remote attackers to download any confidential files via http...
CVE-2018-16242
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol...
Design/Logic Flaw
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol...
CVE-2018-16242
The CVE-2018-16242 entry describes oBike’s use of Hangzhou Luoping Smart Locker, where an attacker can bypass the locking mechanism by replaying ciphertext in a BLE-based protocol that uses a predictable nonce. The affected component is the bicycle lock system's BLE lock protocol; the underlying issu...
CVE-2018-15502
Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs...
Code injection
Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs...
CVE-2018-15502
The CVE-2018-15502 entry concerns Lone Wolf Technologies loadingDOCS. An insecure permissions flaw in the 2018-08-13 version allows remote attackers to download confidential files by issuing HTTPS requests to predictable URLs. The root cause is inadequate access controls on resources, enabling un...
CVE-2018-15552
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" which is private, yet predictable and readable by the eth.getStorageAt function. Therefore, it allow...
CVE-2018-15684
An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory /include/logs using predictable file names, which can lead to full path disclosure and leakage of sensitive data...
CVE-2018-15681
An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie c...
Default credentials
An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie c...
Design/Logic Flaw
An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory /include/logs using predictable file names, which can lead to full path disclosure and leakage of sensitive data...
CVE-2018-15684
CVE-2018-15684 concerns BTITeam XBTIT where PHP error logs are stored in an open directory (/include/logs) with predictable filenames, enabling full path disclosure and leakage of sensitive data. The vulnerability is described across multiple sources (NVD/NVD-variants) indicating exposure of log ...
Time Of Check To Time Of Use (TOCTOU)
chownr is vulnerable to a time of check to time of use (TOCTOU) race condition. The library uses predictable filenames in /tmp, allowing a malicious user to change the group ownership of an arbitrary file by replacing a non-symlink file with a symlink file during the execution of the chown command...