Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2018
CVE-2018-5960
Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-01-22
CVE-2018-5961
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-01-22
CVE-2018-5962
index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-01-22
CVE-2016-10708
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
CVSS Score
7.5
EPSS Score
0.015
Published
2018-01-21
CVE-2017-18046
Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi).
CVSS Score
9.8
EPSS Score
0.111
Published
2018-01-21
CVE-2018-5955
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.
CVSS Score
9.8
EPSS Score
0.875
Published
2018-01-21
CVE-2018-5956
In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402414.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-01-21
CVE-2018-5957
In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40242C.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-01-21
CVE-2018-5958
In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402424.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-01-21
CVE-2017-18045
JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request.
CVSS Score
9.8
EPSS Score
0.007
Published
2018-01-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved