Security Vulnerabilities - CVEs Published In February 2019
Ming (aka libming) 0.4.8 has an out of bounds write vulnerability in the function strcpyext() in the decompile.c file in libutil.a.
CVSS Score: 8.8; EPSS Score: 0.003; Published: 2019-02-25
In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage.
CVSS Score: 9.8; EPSS Score: 0.011; Published: 2019-02-25
XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2019-02-25
XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2019-02-25
XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2019-02-25
XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2019-02-25
CVE-2019-9082
Known exploited
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
CVSS Score: 8.8; EPSS Score: 0.941; Published: 2019-02-24
zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2019-02-24
libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.
CVSS Score: 7.5; EPSS Score: 0.006; Published: 2019-02-24
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).
CVSS Score: 9.8; EPSS Score: 0.175; Published: 2019-02-24

