Security Vulnerabilities - CVEs Published In February 2019
index.js in Total.js Platform before 3.2.3 allows path traversal.
CVSS Score: 7.5
EPSS Score: 0.474
Published: 2019-02-18
mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).
CVSS Score: 8.1
EPSS Score: 0.854
Published: 2019-02-18
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.
CVSS Score: 7.0
EPSS Score: 0.002
Published: 2019-02-18
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.
CVSS Score: 5.7
EPSS Score: 0.001
Published: 2019-02-18
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2019-02-18
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2019-02-18
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-02-18
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-02-18
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.
CVSS Score: 9.8
EPSS Score: 0.049
Published: 2019-02-18
ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2019-02-18

