• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-20

CVE-2018-14281

February 26, 2023 by

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportData XFA function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5757.

CVE-2018-14071

February 26, 2023 by

The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input.

CVE-2018-14085

February 26, 2023 by

An issue was discovered in a smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42, an Ethereum token. First, suppose that the owner adds the evil contract address to his sweepers. The evil contract looks like this: contract Exploit { uint public start; function sweep(address _token, uint _amount) returns (bool) { start = 0x123456789; return true;} }. Then, when one calls the function sweep() in the UserWallet contract, it will change the sweeperList to 0X123456789.

CVE-2018-14089

February 26, 2023 by

An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. In this contract, ‘bool sufficientAllowance = allowance <= _value' will cause an arbitrary transfer in the function transferFrom because '=’ (which was intended). An attacker can transfer from any address to his address, and does not need to meet the ‘allowance > value’ condition.

CVE-2018-14055

February 26, 2023 by

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.

CVE-2018-14009

February 26, 2023 by

Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 238
  • Go to page 239
  • Go to page 240
  • Go to page 241
  • Go to page 242
  • Interim pages omitted …
  • Go to page 681
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE