Security Vulnerabilities - CVEs Published In February 2023
File upload vulnerability in Pro Gamma Instant Developer RD3 22.5 r23, r30, and possibly earlier versions, allows attackers to execute arbitrary code.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2023-02-22

Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, which allows attackers to gain escalated privileges only when specific conditions regarding a given account's hashed password are met.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2023-02-22

Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.
CVSS Score: 8.8 | EPSS Score: 0.107 | Published: 2023-02-22

Buffer Overflow vulnerability in Freeimage v3.18.0 allows an attacker to cause a denial of service via a crafted JXR file.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2023-02-22

pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.
CVSS Score: 6.1 | EPSS Score: 0.451 | Published: 2023-02-22

The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data.  
CVSS Score: 9.3 | EPSS Score: 0.032 | Published: 2023-02-22

A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2023-02-22

A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
CVSS Score: 8.8 | EPSS Score: 0.014 | Published: 2023-02-22

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.
CVSS Score: 7.5 | EPSS Score: 0.031 | Published: 2023-02-22

typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php.
CVSS Score: 9.8 | EPSS Score: 0.014 | Published: 2023-02-22