Security Vulnerabilities - CVEs Published In February 2019
An XSS vulnerability was found in module public <0.1.4 that allows malicious JavaScript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-02-01
An XSS vulnerability was found in html-page <=2.1.1 that allows malicious JavaScript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-02-01
A server directory traversal vulnerability was found in the node module mcstatic <=0.0.20 that would allow an attacker to access sensitive information in the file system by appending slashes in the URL path.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2019-02-01
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2019-02-01
An XSS vulnerability was found in module m-server <1.4.2 that allows malicious JavaScript code or HTML to be executed, due to the lack of escaping for special characters in folder names.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-02-01
Path Traversal vulnerability in module m-server <1.4.1 allows a malicious user to access unauthorized content of any file in the directory tree, e.g. /etc/passwd, by appending slashes to the URL request.
CVSS Score: 6.5 | EPSS Score: 0.006 | Published: 2019-02-01
A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2019-02-01
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
CVSS Score: 5.6 | EPSS Score: 0.004 | Published: 2019-02-01
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows an attacker to inject properties onto Object.prototype through its functions.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2019-02-01
LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash.
CVSS Score: 8.8 | EPSS Score: 0.011 | Published: 2019-02-01

