Security Vulnerabilities - CVEs Published In January 2017
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
CVSS Score: 6.1; EPSS Score: 0.018; Published: 2017-01-23
Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface.
CVSS Score: 9.8; EPSS Score: 0.033; Published: 2017-01-23
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
CVSS Score: 6.1; EPSS Score: 0.026; Published: 2017-01-23
B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft.
CVSS Score: 7.5; EPSS Score: 0.014; Published: 2017-01-23
XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file.
CVSS Score: 6.5; EPSS Score: 0.013; Published: 2017-01-23
The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
CVSS Score: 7.5; EPSS Score: 0.068; Published: 2017-01-23
The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."
CVSS Score: 7.5; EPSS Score: 0.043; Published: 2017-01-23
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
CVSS Score: 7.5; EPSS Score: 0.064; Published: 2017-01-23
Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.
CVSS Score: 6.1; EPSS Score: 0.025; Published: 2017-01-23
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten JavaScript.
CVSS Score: 9.8; EPSS Score: 0.036; Published: 2017-01-23

