Security Vulnerabilities - CVEs Published In February 2020
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2020-02-18

ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2020-02-18

phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username.
CVSS Score: 9.3 | EPSS Score: 0.01 | Published: 2020-02-18

SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2020-02-18

SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2020-02-18

libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2020-02-18

The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2020-02-18

The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2020-02-18

Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW stream in a GIF file.
CVSS Score: 8.8 | EPSS Score: 0.008 | Published: 2020-02-18

SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter.
CVSS Score: 9.8 | EPSS Score: 0.123 | Published: 2020-02-18

