Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2019
The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications.
CVSS Score
7.5
EPSS Score
0.018
Published
2019-03-05
The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role.
CVSS Score
7.5
EPSS Score
0.024
Published
2019-03-05
The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/admin.php?page=mlw_quiz_results quiz_id XSS.
CVSS Score
6.1
EPSS Score
0.016
Published
2019-03-05
Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.
CVSS Score
7.5
EPSS Score
0.012
Published
2019-03-05
Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes.
CVSS Score
7.5
EPSS Score
0.017
Published
2019-03-05
Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot.
CVSS Score
9.1
EPSS Score
0.025
Published
2019-03-05
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack.
CVSS Score
9.8
EPSS Score
0.027
Published
2019-03-05
PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy versions Telecontrol Gateway 3G Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol Gateway XS-MU Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol Gateway VM Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Smart Telecontrol Unit TCG Versions 5.0.27, 5.1.19, 6.0.16 and prior, and IEC104 Security Proxy Version 2.2.10 and prior The web application browser interprets input as active HTML, JavaScript, or VBScript, which could allow an attacker to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.026
Published
2019-03-05
Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.
CVSS Score
9.8
EPSS Score
0.05
Published
2019-03-05
Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash.
CVSS Score
6.5
EPSS Score
0.024
Published
2019-03-05


Contact Us

Shodan ® - All rights reserved