Security Vulnerabilities - CVEs Published In January 2018
An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files.
CVSS Score: 5.8 | EPSS Score: 0.019 | Published: 2018-01-02

A privilege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.
CVSS Score: 7.1 | EPSS Score: 0.005 | Published: 2018-01-02

getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2018-01-01

Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension.
CVSS Score: 8.8 | EPSS Score: 0.007 | Published: 2018-01-01

In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2018-01-01

In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2018-01-01

The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-01-01

The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the text_ads_ajax.php border_color parameter.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-01-01

The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.
CVSS Score: 6.1 | EPSS Score: 0.008 | Published: 2018-01-01

In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
CVSS Score: 6.5 | EPSS Score: 0.008 | Published: 2018-01-01



Shodan ® - All rights reserved