Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2024
CVE-2023-49257
An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-01-12
CVE-2023-49258
User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-01-12
CVE-2023-49259
The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time.
CVSS Score
7.5
EPSS Score
0.0
Published
2024-01-12
CVE-2023-49260
An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. It can be used together with the vulnerability CVE-2023-49255.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-01-12
CVE-2023-49261
The "tokenKey" value used in user authorization is visible in the HTML source of the login page.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-01-12
CVE-2023-49262
The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session.
CVSS Score
9.8
EPSS Score
0.0
Published
2024-01-12
CVE-2023-51949
Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller
CVSS Score
8.8
EPSS Score
0.001
Published
2024-01-12
CVE-2023-49253
Root user password is hardcoded into the device and cannot be changed in the user interface.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-01-12
CVE-2023-6955
A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.
CVSS Score
6.6
EPSS Score
0.0
Published
2024-01-12
CVE-2023-7028
Known exploited
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
CVSS Score
10.0
EPSS Score
0.936
Published
2024-01-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved