Security Vulnerabilities - CVEs Published In February 2018
Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field.
CVSS Score: 5.4, EPSS Score: 0.002, Published: 2018-02-12
SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter.
CVSS Score: 9.8, EPSS Score: 0.003, Published: 2018-02-12
Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter.
CVSS Score: 5.4, EPSS Score: 0.002, Published: 2018-02-12
EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full path via an array value for a parameter to class/connect.php.
CVSS Score: 5.3, EPSS Score: 0.003, Published: 2018-02-12
EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php.
CVSS Score: 5.3, EPSS Score: 0.005, Published: 2018-02-12
An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from a critical flaw of Cross Site Request Forgery: using a forged HTTP request, a malicious user can lead a user to unknowingly create / delete or modify a user account due to the lack of an anti-CSRF token.
CVSS Score: 8.0, EPSS Score: 0.001, Published: 2018-02-12
An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability. Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger arbitrary user re-direction.
CVSS Score: 8.8, EPSS Score: 0.029, Published: 2018-02-12
The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
CVSS Score: 6.5, EPSS Score: 0.007, Published: 2018-02-12
In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.
CVSS Score: 9.8, EPSS Score: 0.006, Published: 2018-02-11
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.
CVSS Score: 9.8, EPSS Score: 0.903, Published: 2018-02-11

