Security Vulnerabilities - CVEs Published In January 2018
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file.
CVSS Score: 7.2
EPSS Score: 0.014
Published: 2018-01-11

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.
CVSS Score: 7.2
EPSS Score: 0.009
Published: 2018-01-11

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file.
CVSS Score: 7.2
EPSS Score: 0.014
Published: 2018-01-11

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.
CVSS Score: 7.2
EPSS Score: 0.014
Published: 2018-01-11

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file.
CVSS Score: 7.2
EPSS Score: 0.014
Published: 2018-01-11

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file.
CVSS Score: 7.2
EPSS Score: 0.009
Published: 2018-01-11

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file.
CVSS Score: 7.2
EPSS Score: 0.011
Published: 2018-01-11

Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).
CVSS Score: 5.3
EPSS Score: 0.013
Published: 2018-01-11

Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2018-01-11

Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter in a shout action.
CVSS Score: 6.1
EPSS Score: 0.007
Published: 2018-01-11

