Security Vulnerabilities - CVEs Published In February 2017
GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.
CVSS Score: 7.8 | EPSS Score: 0.013 | Published: 2017-02-21
CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2017-02-21
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2017-02-21
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2017-02-21
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2017-02-21
FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section.
CVSS Score: 5.5 | EPSS Score: 0.002 | Published: 2017-02-21
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.
CVSS Score: 9.8 | EPSS Score: 0.069 | Published: 2017-02-21
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to WordPress admin) with the GET Parameter: filter_list.
CVSS Score: 7.2 | EPSS Score: 0.046 | Published: 2017-02-21
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to WordPress admin) with the POST Parameter: camp_id.
CVSS Score: 7.2 | EPSS Score: 0.061 | Published: 2017-02-21
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to WordPress admin) with the POST Parameter: list_id.
CVSS Score: 7.2 | EPSS Score: 0.071 | Published: 2017-02-21

