Security Vulnerabilities - CVEs Published In January 2018
The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php.
CVSS Score: 7.2 | EPSS Score: 0.005 | Published: 2018-01-14

The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2018-01-14

Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order parameter to admin_jr_admin.php, related to functions_kb.php.
CVSS Score: 7.2 | EPSS Score: 0.002 | Published: 2018-01-14

libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated string.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2018-01-14

In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2018-01-14

In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2018-01-14

In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.
CVSS Score: 5.5 | EPSS Score: 0.008 | Published: 2018-01-14

NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-01-14

LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2018-01-14

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
CVSS Score: 6.5 | EPSS Score: 0.009 | Published: 2018-01-13