Security Vulnerabilities - CVEs Published In March 2018
An issue was discovered in resources/views/layouts/app.blade.php in Voten.co before 2017-08-25. An unescaped template literal in the bio field of a user profile (resources/views/layouts/app.blade.php) allows for server-side template injection of arbitrary JavaScript.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-03-05
An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2018-03-05
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.
CVSS Score: 9.8 | EPSS Score: 0.711 | Published: 2018-03-05
An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and the ajax/commonAjax.php username parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2018-03-05
Adminer through 4.3.1 has SSRF via the server parameter.
CVSS Score: 9.8 | EPSS Score: 0.11 | Published: 2018-03-05
TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2018-03-05
Couch through 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php.
CVSS Score: 5.3 | EPSS Score: 0.896 | Published: 2018-03-04
Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remote attackers to obtain audio data via certain requests to TCP ports 8258 and 8257.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2018-03-04
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2018-03-04
index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2018-03-04