Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2024
CVE-2023-47867
MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device's web services and compromise the device.
CVSS Score
8.8
EPSS Score
0.0
Published
2024-02-01
CVE-2023-49115
MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-02-01
CVE-2023-47256
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings
CVSS Score
5.5
EPSS Score
0.001
Published
2024-02-01
CVE-2023-47257
ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages.
CVSS Score
8.1
EPSS Score
0.05
Published
2024-02-01
CVE-2023-4472
Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-01
CVE-2024-0325
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.  
CVSS Score
3.6
EPSS Score
0.001
Published
2024-02-01
CVE-2024-1039
Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-02-01
CVE-2024-1040
Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device.
CVSS Score
4.4
EPSS Score
0.0
Published
2024-02-01
CVE-2024-24755
discourse-group-membership-ip-block is a discourse plugin that adds support for adding users to groups based on their IP address. discourse-group-membership-ip-block was sending all group custom fields to the client, including group custom fields from other plugins which may expect their custom fields to remain secret.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-02-01
CVE-2024-24945
A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal/write-journal.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-02-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved