Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2018
CVE-2018-6187
In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file.
CVSS Score
5.5
EPSS Score
0.003
Published
2018-01-24
CVE-2017-18075
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-01-24
CVE-2018-5969
Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-01-24
CVE-2018-5972
SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI.
CVSS Score
9.8
EPSS Score
0.054
Published
2018-01-24
CVE-2018-5976
Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-01-24
CVE-2018-5977
SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request.
CVSS Score
9.8
EPSS Score
0.015
Published
2018-01-24
CVE-2018-5978
SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field.
CVSS Score
9.8
EPSS Score
0.015
Published
2018-01-24
CVE-2018-5979
SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field.
CVSS Score
9.8
EPSS Score
0.054
Published
2018-01-24
CVE-2018-5984
SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI.
CVSS Score
9.8
EPSS Score
0.015
Published
2018-01-24
CVE-2018-5985
SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company_id= request.
CVSS Score
9.8
EPSS Score
0.054
Published
2018-01-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved