Security Vulnerabilities - CVEs Published In January 2019
EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2019-01-03
The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-01-03
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
CVSS Score: 9.8 | EPSS Score: 0.014 | Published: 2019-01-03
Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary Python code via the fixture_text argument in sqla_yaml_fixtures.load.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2019-01-03
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
CVSS Score: 10.0 | EPSS Score: 0.012 | Published: 2019-01-03
Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-01-03
Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to groups.php; (2) username parameter to login.php; or (3) date parameter to search.php.
CVSS Score: 6.1 | EPSS Score: 0.027 | Published: 2019-01-03
Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to join_group.php or (2) comment_id parameter to story.php.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2019-01-03
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2019-01-03
DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x80002068) with a user-defined buffer size. If the size of the buffer is less than 512 bytes, then the driver will overwrite the next pool header if there is one next to the user buffer's pool.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2019-01-03

