Security Vulnerabilities - CVEs Published In February 2020
TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2020-02-03

phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
CVSS Score: 9.8
EPSS Score: 0.033
Published: 2020-02-03

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.
CVSS Score: 4.8
EPSS Score: 0.02
Published: 2020-02-03

Global.py in AIL framework 2.8 allows path traversal.
CVSS Score: 7.5
EPSS Score: 0.005
Published: 2020-02-03

An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2020-02-03

Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2020-02-03

An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2020-02-03

Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.
CVSS Score: 6.1
EPSS Score: 0.102
Published: 2020-02-03

Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the "selected_theme" parameter in error.php.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2020-02-03

Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the "f_email" parameter in index.php.
CVSS Score: 6.1
EPSS Score: 0.026
Published: 2020-02-03