Security Vulnerabilities - CVEs Published In January 2019
A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted request, aka "Skype for Business 2015 Spoofing Vulnerability." This affects Skype.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2019-01-17
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2019-01-17
An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team.
CVSS Score: 6.5 | EPSS Score: 0.081 | Published: 2019-01-17
Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.
CVSS Score: 8.8 | EPSS Score: 0.04 | Published: 2019-01-17
A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2019-01-17
A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-01-17
A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-01-17
A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-01-17
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-01-17
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.
CVSS Score: 9.8 | EPSS Score: 0.043 | Published: 2019-01-17

