Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2017
CVE-2017-5836
The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-03-03
CVE-2017-5865
The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts.
CVSS Score
3.7
EPSS Score
0.002
Published
2017-03-03
CVE-2017-5866
The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.002
Published
2017-03-03
CVE-2017-5867
ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-03-03
CVE-2016-10127
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
CVSS Score
9.0
EPSS Score
0.008
Published
2017-03-03
CVE-2016-10193
The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb.
CVSS Score
9.8
EPSS Score
0.012
Published
2017-03-03
CVE-2016-10194
The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb.
CVSS Score
9.8
EPSS Score
0.016
Published
2017-03-03
CVE-2016-10201
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-03
CVE-2016-10202
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-03
CVE-2016-10203
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved