Security Vulnerabilities - CVEs Published In February 2018
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2018-02-06
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1.
CVSS Score: 9.8 | EPSS Score: 0.023 | Published: 2018-02-06
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2018-02-06
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-02-06
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.
CVSS Score: 4.3 | EPSS Score: 0.005 | Published: 2018-02-06
Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.
CVSS Score: 9.8 | EPSS Score: 0.015 | Published: 2018-02-06
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_set parameter to wp-admin/options-general.php.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-02-06
The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options-general.php.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2018-02-06
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_id parameter to wp-admin/options-general.php.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-02-06
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-02-06

