Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2017
CVE-2013-7454
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
CVSS Score
6.1
EPSS Score
0.007
Published
2017-01-23
CVE-2014-8362
Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface.
CVSS Score
9.8
EPSS Score
0.027
Published
2017-01-23
CVE-2014-9772
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
CVSS Score
6.1
EPSS Score
0.006
Published
2017-01-23
CVE-2015-4626
B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft.
CVSS Score
7.5
EPSS Score
0.002
Published
2017-01-23
CVE-2015-7743
XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-01-23
CVE-2015-8315
The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
CVSS Score
7.5
EPSS Score
0.009
Published
2017-01-23
CVE-2015-8854
The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."
CVSS Score
7.5
EPSS Score
0.01
Published
2017-01-23
CVE-2015-8855
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
CVSS Score
7.5
EPSS Score
0.01
Published
2017-01-23
CVE-2015-8856
Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-01-23
CVE-2015-8857
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-01-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved