Security Vulnerabilities - CVEs Published In March 2018
In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating "the behaviour is as designed and needed for different packages to be installed", "there is a security warning if the package is not verified by OTRS Group", and "there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary."
CVSS Score
7.2
EPSS Score
0.022
Published
2018-03-04
In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.
CVSS Score
6.1
EPSS Score
0.011
Published
2018-03-04
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
CVSS Score
7.2
EPSS Score
0.006
Published
2018-03-04
SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command.
CVSS Score
7.5
EPSS Score
0.208
Published
2018-03-04
Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500.
CVSS Score
7.5
EPSS Score
0.216
Published
2018-03-04
index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string.
CVSS Score
5.9
EPSS Score
0.004
Published
2018-03-04
lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 has XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-03-04
On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/RecordingList/download?file=" allows full access to files on the server via path traversal.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-03-04
SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-03-02
SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-03-02

