Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2018
CVE-2018-5700
Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder.
CVSS Score
8.8
EPSS Score
0.039
Published
2018-01-14
CVE-2017-15126
A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put().
CVSS Score
8.1
EPSS Score
0.012
Published
2018-01-14
CVE-2017-15127
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).
CVSS Score
5.5
EPSS Score
0.0
Published
2018-01-14
CVE-2017-15128
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).
CVSS Score
5.5
EPSS Score
0.0
Published
2018-01-14
CVE-2018-5689
Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-01-14
CVE-2018-5690
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).
CVSS Score
5.4
EPSS Score
0.002
Published
2018-01-14
CVE-2018-5691
SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.
CVSS Score
5.4
EPSS Score
0.004
Published
2018-01-14
CVE-2018-5692
Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-01-14
CVE-2018-5693
The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.
CVSS Score
3.3
EPSS Score
0.0
Published
2018-01-14
CVE-2018-5694
The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter.
CVSS Score
8.8
EPSS Score
0.013
Published
2018-01-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved