Security Vulnerabilities - CVEs Published In January 2020
In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the privileges of the currently logged-in user. This allows, for example, attackers who have compromised a browser extension to escape from the browser sandbox.
CVSS Score
7.8
EPSS Score
0.003
Published
2020-01-13
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image.
CVSS Score
5.3
EPSS Score
0.011
Published
2020-01-13
Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross-site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.
CVSS Score
6.1
EPSS Score
0.011
Published
2020-01-13
Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-13
LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability.
CVSS Score
9.8
EPSS Score
0.541
Published
2020-01-13
Freebox OS Web interface 3.0.2 has a CSRF vulnerability which can allow VPN user account creation.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-01-13
Grand MA 300 allows a brute-force attack on the PIN.
CVSS Score
9.8
EPSS Score
0.464
Published
2020-01-13
Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000.
CVSS Score
7.5
EPSS Score
0.838
Published
2020-01-13
ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a Credentials Disclosure Vulnerability. Fixed in version 10 Build 10000.
CVSS Score
7.5
EPSS Score
0.836
Published
2020-01-13
WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability.
CVSS Score
7.2
EPSS Score
0.011
Published
2020-01-13

