Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2016
CVE-2016-1141
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
CVSS Score
4.7
EPSS Score
0.005
Published
2016-01-30
CVE-2016-1139
Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVSS Score
7.5
EPSS Score
0.001
Published
2016-01-30
CVE-2016-1140
KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.003
Published
2016-01-30
CVE-2016-1138
CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
CVSS Score
4.7
EPSS Score
0.003
Published
2016-01-30
CVE-2016-1137
Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVSS Score
7.4
EPSS Score
0.003
Published
2016-01-30
CVE-2016-1136
Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
5.4
EPSS Score
0.002
Published
2016-01-30
CVE-2016-0867
CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request.
CVSS Score
7.5
EPSS Score
0.003
Published
2016-01-30
CVE-2016-1488
Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVSS Score
6.1
EPSS Score
0.002
Published
2016-01-30
CVE-2016-1304
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596.
CVSS Score
6.1
EPSS Score
0.004
Published
2016-01-30
CVE-2016-1303
The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.
CVSS Score
7.5
EPSS Score
0.004
Published
2016-01-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved