Security Vulnerabilities - CVEs Published In January 2017
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2017-01-20
In Moodle 3.x, there is XSS in the assignment submission page.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2017-01-20
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters.
CVSS Score: 5.3 | EPSS Score: 0.013 | Published: 2017-01-20
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2017-01-20
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
CVSS Score: 9.8 | EPSS Score: 0.018 | Published: 2017-01-20
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
CVSS Score: 5.9 | EPSS Score: 0.322 | Published: 2017-01-19
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.
CVSS Score: 9.8 | EPSS Score: 0.023 | Published: 2017-01-19
The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2017-01-19
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
CVSS Score: 8.4 | EPSS Score: 0.001 | Published: 2017-01-19
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
CVSS Score: 8.8 | EPSS Score: 0.0 | Published: 2017-01-19