Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2019
CVE-2015-9278
MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-01-16
CVE-2015-9279
MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-01-16
CVE-2015-9280
MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.
CVSS Score
10.0
EPSS Score
0.003
Published
2019-01-16
CVE-2018-20723
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
CVSS Score
4.8
EPSS Score
0.005
Published
2019-01-16
CVE-2018-20724
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
CVSS Score
4.8
EPSS Score
0.006
Published
2019-01-16
CVE-2018-20725
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
CVSS Score
4.8
EPSS Score
0.005
Published
2019-01-16
CVE-2018-20726
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
CVSS Score
5.4
EPSS Score
0.005
Published
2019-01-16
CVE-2018-20721
URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-01-16
CVE-2019-6447
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.
CVSS Score
8.1
EPSS Score
0.796
Published
2019-01-16
CVE-2019-6261
An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in com_contact leads to a stored XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-01-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved