Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2020
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-02-17
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-02-17
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-02-16
Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-02-16
Codoforum 4.8.8 allows self-XSS via the title of a new topic.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-02-16
A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-16
Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-02-16
AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI.
CVSS Score
4.3
EPSS Score
0.006
Published
2020-02-16
Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. NOTE: The vulnerability is not present in the FreeStyle Libre 14-day in the U.S (announced in August 2018) and FreeStyle Libre 2 outside the U.S (announced in October 2018).
CVSS Score
8.8
EPSS Score
0.006
Published
2020-02-16
Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-02-15


Contact Us

Shodan ® - All rights reserved