Security Vulnerabilities - CVEs Published In January 2018
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2018-01-08
SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2018-01-08
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2018-01-08
Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework.
CVSS Score: 7.8; EPSS Score: 0.008; Published: 2018-01-08
The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php.
CVSS Score: 7.5; EPSS Score: 0.005; Published: 2018-01-08
In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file.
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2018-01-08
The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php.
CVSS Score: 4.8; EPSS Score: 0.003; Published: 2018-01-08
The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php.
CVSS Score: 8.8; EPSS Score: 0.002; Published: 2018-01-08
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page.
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2018-01-08
The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page.
CVSS Score: 7.5; EPSS Score: 0.111; Published: 2018-01-08

