Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2017
CVE-2016-7906
magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-01-18
CVE-2016-7980
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.
CVSS Score
8.8
EPSS Score
0.009
Published
2017-01-18
CVE-2016-7981
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
CVSS Score
6.1
EPSS Score
0.522
Published
2017-01-18
CVE-2016-7982
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.
CVSS Score
7.5
EPSS Score
0.26
Published
2017-01-18
CVE-2016-7996
Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.
CVSS Score
9.8
EPSS Score
0.012
Published
2017-01-18
CVE-2017-5515
Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names.
CVSS Score
5.4
EPSS Score
0.001
Published
2017-01-17
CVE-2017-5516
Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-01-17
CVE-2017-5517
SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.
CVSS Score
9.8
EPSS Score
0.011
Published
2017-01-17
CVE-2017-5518
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.
CVSS Score
7.4
EPSS Score
0.004
Published
2017-01-17
CVE-2017-5519
SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
9.8
EPSS Score
0.011
Published
2017-01-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved