Show filters
16 Total Results
Displaying 11-16 of 16
Sort by:
Attacker Value
Unknown

CVE-2018-13209

Disclosure Date: July 05, 2018 (last updated November 27, 2024)
The sell function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
0
Attacker Value
Unknown

CVE-2018-13087

Disclosure Date: July 03, 2018 (last updated November 26, 2024)
The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
Attacker Value
Unknown

CVE-2018-12015

Disclosure Date: June 07, 2018 (last updated November 26, 2024)
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
0
Attacker Value
Unknown

CVE-2015-2087

Disclosure Date: February 26, 2015 (last updated October 05, 2023)
Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors.
0
Attacker Value
Unknown

CVE-2014-9155

Disclosure Date: December 01, 2014 (last updated October 05, 2023)
Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel.
0
Attacker Value
Unknown

CVE-2007-4829

Disclosure Date: November 02, 2007 (last updated October 04, 2023)
Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.
0