Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2018
CVE-2018-5215
Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-01-04
CVE-2018-5216
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-01-04
CVE-2018-5217
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-01-04
CVE-2018-5218
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-01-04
CVE-2018-5219
In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-01-04
CVE-2018-5220
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-01-04
CVE-2018-5212
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php.
CVSS Score
5.4
EPSS Score
0.003
Published
2018-01-04
CVE-2018-5213
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php.
CVSS Score
5.4
EPSS Score
0.003
Published
2018-01-04
CVE-2018-5214
The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-01-04
CVE-2014-7862
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
CVSS Score
9.8
EPSS Score
0.814
Published
2018-01-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved