Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2017
CVE-2015-8813
The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.
CVSS Score
8.2
EPSS Score
0.834
Published
2017-03-03
CVE-2015-8814
Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-03-03
CVE-2015-8815
Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-03-03
CVE-2016-6882
MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.
CVSS Score
5.9
EPSS Score
0.004
Published
2017-03-03
CVE-2016-6883
MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack.
CVSS Score
5.9
EPSS Score
0.698
Published
2017-03-03
CVE-2016-6884
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message.
CVSS Score
6.5
EPSS Score
0.005
Published
2017-03-03
CVE-2016-7406
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
CVSS Score
9.8
EPSS Score
0.103
Published
2017-03-03
CVE-2016-7407
The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.
CVSS Score
9.8
EPSS Score
0.015
Published
2017-03-03
CVE-2016-7408
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.
CVSS Score
8.8
EPSS Score
0.047
Published
2017-03-03
CVE-2016-7409
The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-03-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved