Security Vulnerabilities - CVEs Published In January 2019
RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain read access to restricted user information.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2019-01-03
Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2019-01-03
Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-01-03
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-01-03
Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2019-01-03
Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
CVSS Score: 9.1 | EPSS Score: 0.004 | Published: 2019-01-03
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-01-03
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2019-01-03
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-01-03
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2019-01-03

