Security Vulnerabilities - CVEs Published In February 2019
The readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure.
CVSS Score: 8.8; EPSS Score: 0.005; Published: 2019-02-07
An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI.
CVSS Score: 9.8; EPSS Score: 0.003; Published: 2019-02-07
ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection.
CVSS Score: 8.8; EPSS Score: 0.581; Published: 2019-02-07
index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology.
CVSS Score: 5.3; EPSS Score: 0.002; Published: 2019-02-07
IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892.
CVSS Score: 4.3; EPSS Score: 0.002; Published: 2019-02-07
API Connect V2018.1 through 2018.4.1.1 is impacted by an access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.
CVSS Score: 9.0; EPSS Score: 0.005; Published: 2019-02-07
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
CVSS Score: 8.1; EPSS Score: 0.031; Published: 2019-02-07
In btor2parser/btor2parser.c in Boolector Btor2Tools before 2019-01-15, opening a specially crafted input file leads to an out-of-bounds write in pusht_bfr.
CVSS Score: 5.5; EPSS Score: 0.002; Published: 2019-02-07
In parser/btorsmt2.c in Boolector 3.0.0, opening a specially crafted input file leads to a use-after-free in get_failed_assumptions or btor_delete.
CVSS Score: 5.5; EPSS Score: 0.002; Published: 2019-02-07
CSZ CMS 1.1.8 has CSRF via admin/users/new/add.
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2019-02-07

