Security Vulnerabilities - CVEs Published In February 2019
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution.
CVSS Score: 9.8 | EPSS Score: 0.021 | Published: 2019-02-10
install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call to the PHP fputs function that creates a .php file in the public folder.
CVSS Score: 9.8 | EPSS Score: 0.01 | Published: 2019-02-10
Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2019-02-10
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2019-02-09
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administrator Credentials are stored in the 13-character DES hash format.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2019-02-09
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2019-02-09
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2019-02-09
A weak password vulnerability was discovered in Enphase Envoy R3.*.*. One can log in via TCP port 8888 with the admin password for the admin account.
CVSS Score: 7.2 | EPSS Score: 0.004 | Published: 2019-02-09
XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-02-09
A directory traversal vulnerability was discovered in Enphase Envoy R3.*.* via images/, include/, include/js, or include/css on TCP port 8888.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2019-02-09

