1434 matches found
CVE-2018-13656
The mintToken function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
Integer overflow
The mintToken function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
CVE-2018-13656
The mintToken function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
CVE-2018-13656
CVE-2018-13656 affects a smart contract for Sample Token (STK) with Contract Name cashBackMintable. The mintToken function contains an integer overflow that allows the contract owner to set the balance of an arbitrary user to any value. This results in potential integrity impact (HIGH per CVSSv3)...
Threat Outbreak Alert RuleID33113: Email Messages Distributing Malicious Software on July 4, 2018
Medium Alert ID: 58351 First Published: 2018 July 5 15:43 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID33113 may contain the following files: Name | Size...
CVE-2018-13215
The sell function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets...
Integer overflow
The sell function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets...
CVE-2018-13215
The sell function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets...
CVE-2018-12459
An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service...
CVE-2018-12459
An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service...
CVE-2018-12459
An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service...
DEBIAN-CVE-2018-12459
An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service...
CVE-2018-7559
The CVE-2018-7559 issue affects OPC UA .NET Standard/Legacy Stack and Sample Code, where remote attackers can determine a server’s private key by sending specially crafted bad UserIdentityTokens as part of an oracle attack. Public details reference GitHub commits before 2018-04-12 (Standard) and ...
Design/Logic Flaw
DISPUTED tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerability because the issue is based on a sample program using LIBTIFF and do not apply to the...
Microsoft Windows Kernel 'Win32k.sys' Local Privilege Escalation Vulnerability(CVE-2018-8120)
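Author: bigric3 Author's blog: On May 15, ESET published a post saying that in March it had captured a sample combining a PDF remote code execution (cve-2018-4990) with a Windows local privilege escalation (cve-2018-8120). After ESET's post, I downloaded such a sample from VT (). Initial reverse engineering largely confirmed what had been reported publicly: the exploit was still in the development and testing stage and was accidentally uploaded to a public sample-scanning site, where ESET captured it and reported it to Microsoft and Adobe for patching. The test signature strings are as follows. Locating the key code in the sample and debugging and analyzing it...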
DEBIAN-CVE-2018-10778
Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 30, 2018
When I was little, I discovered the joy of jumping on the bed. While it was fun to jump on the bed, I wanted to make it more challenging so I started to imitate the ski jumpers I had seen during the 1976 Winter Olympics and jump from my parents’ dresser to the bed. I quickly found out there’s a...
Spartacus ransomware: introduction to a strain of unsophisticated malware
Spartacus ransomware is a new sample that has been circulating in 2018. Written in C, the original sample is obfuscated, which we will go over as we extract it to its readable state. Spartacus is a relatively straight-forward ransomware sample and uses some similar techniques and code to others w...
RTA (Red Team Arsenal) - An Intelligent Scanner To Detect Security Vulnerabilities In Companies Layer 7 Assets
Red Team Arsenal is a web/network security scanner which has the capability to scan all of a company's online-facing assets and provide a holistic security view of any security anomalies. It's a closely linked collection of security engines to conduct/simulate attacks and monitor public facing asset...
An Intelligent Network Security Scanner: Red Team Arsenal
Red Team Arsenal is a web/network security scanner which has the capability to scan all of a company’s online-facing assets and provide a holistic security view of any security anomalies. It’s a closely linked collection of security engines to conduct/simulate attacks and monitor public facing asset...