Security Vulnerabilities - CVEs Published In March 2017
The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account. This account is not documented, nor is the DEBUG feature or the use of telnetd on port tcp/5885.
CVSS Score: 8.1; EPSS Score: 0.167; Published: 2017-03-06
An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.
CVSS Score: 9.8; EPSS Score: 0.646; Published: 2017-03-06
An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS).
CVSS Score: 7.5; EPSS Score: 0.008; Published: 2017-03-06
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.
CVSS Score: 5.5; EPSS Score: 0.003; Published: 2017-03-06
An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS).
CVSS Score: 5.5; EPSS Score: 0.003; Published: 2017-03-06
An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.
CVSS Score: 5.5; EPSS Score: 0.003; Published: 2017-03-06
An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2017-03-06
An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS).
CVSS Score: 5.5; EPSS Score: 0.002; Published: 2017-03-06
WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2017-03-06
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2017-03-06



Shodan ® - All rights reserved