Security Vulnerabilities - CVEs Published In March 2020
MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-03-09

BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to val_users.php3.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2020-03-09

BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2020-03-09

BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3.
CVSS Score: 9.8 | EPSS Score: 0.033 | Published: 2020-03-09

An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters.
CVSS Score: 9.6 | EPSS Score: 0.024 | Published: 2020-03-09

An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login page is vulnerable to wildcard injection, allowing an attacker to enumerate the list of users sharing an identical password. Fixed in Release 10.24.11206.1.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2020-03-09

An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2020-03-09

Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.
CVSS Score: 8.8 | EPSS Score: 0.009 | Published: 2020-03-09

Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2020-03-09

Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2020-03-09
Shodan ® - All rights reserved