Security Vulnerabilities - CVEs Published In January 2018
An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root.
CVSS Score: 9.8
EPSS Score: 0.258
Published: 2018-01-25
ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling, resulting in denial of service.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2018-01-25
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2018-01-25
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
CVSS Score: 7.5
EPSS Score: 0.016
Published: 2018-01-25
phpFreeChat 1.7 and earlier allows remote attackers to cause a denial of service by sending a large number of connect commands.
CVSS Score: 7.5
EPSS Score: 0.199
Published: 2018-01-25
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter.
CVSS Score: 4.8
EPSS Score: 0.005
Published: 2018-01-25
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter.
CVSS Score: 4.8
EPSS Score: 0.003
Published: 2018-01-25
CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter.
CVSS Score: 4.8
EPSS Score: 0.005
Published: 2018-01-25
A vulnerability has been identified in TeleControl Server Basic < V3.1. An attacker with network access to the TeleControl Server Basic's port 8000/tcp could bypass the authentication mechanism and read limited information.
CVSS Score: 5.3
EPSS Score: 0.005
Published: 2018-01-25
A vulnerability has been identified in TeleControl Server Basic < V3.1. An authenticated attacker with a low-privileged account to the TeleControl Server Basic's port 8000/tcp could escalate his privileges and perform administrative operations.
CVSS Score: 8.8
EPSS Score: 0.007
Published: 2018-01-25

