Security Vulnerabilities - CVEs Published In March 2020
UltraLog Express device management software stores users' information in cleartext. Any user can obtain account information through a specific page.
CVSS Score: 8.6; EPSS Score: 0.002; Published: 2020-03-27
UltraLog Express device management interface does not properly filter user-supplied strings in some specific parameters, so attackers can inject arbitrary SQL commands.
CVSS Score: 10.0; EPSS Score: 0.004; Published: 2020-03-27
An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component.
CVSS Score: 9.8; EPSS Score: 0.004; Published: 2020-03-27
Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java.
CVSS Score: 9.8; EPSS Score: 0.004; Published: 2020-03-27
Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java.
CVSS Score: 9.8; EPSS Score: 0.004; Published: 2020-03-27
Osmand through 2.0.0 allows XXE because of binary/BinaryMapIndexReader.java.
CVSS Score: 9.1; EPSS Score: 0.004; Published: 2020-03-27
Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2020-03-26
The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter.
CVSS Score: 4.3; EPSS Score: 0.002; Published: 2020-03-26
A stack-based buffer overflow in /cgi-bin/activate.cgi through the var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).
CVSS Score: 9.8; EPSS Score: 0.055; Published: 2020-03-26
A stack-based buffer overflow in /cgi-bin/activate.cgi through the ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3).
CVSS Score: 9.8; EPSS Score: 0.055; Published: 2020-03-26

