Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2020
CVE-2020-8658
The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In this way, an attacker is able to direct the victim to a malicious web page that modifies the .htaccess file, and takes control of the website.
CVSS Score
8.8
EPSS Score
0.019
Published
2020-02-06
CVE-2020-8647
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-02-06
CVE-2020-8648
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
CVSS Score
7.1
EPSS Score
0.0
Published
2020-02-06
CVE-2020-8649
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.
CVSS Score
5.9
EPSS Score
0.001
Published
2020-02-06
CVE-2011-1597
OpenVAS Manager v2.0.3 allows plugin remote code execution.
CVSS Score
8.8
EPSS Score
0.019
Published
2020-02-06
CVE-2011-1517
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash.
CVSS Score
9.8
EPSS Score
0.024
Published
2020-02-05
CVE-2020-8644
Known exploited
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
CVSS Score
9.8
EPSS Score
0.933
Published
2020-02-05
CVE-2011-1150
bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-02-05
CVE-2011-1151
Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.
CVSS Score
9.1
EPSS Score
0.0
Published
2020-02-05
CVE-2020-6854
A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API.
CVSS Score
5.4
EPSS Score
0.004
Published
2020-02-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved