Security Vulnerabilities - CVEs Published In March 2023
Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2023-03-16
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows an attacker to escalate privileges via the AddUser method of the UserController function in the Tenant Management module.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2023-03-16
Sudo before 1.9.13 does not escape control characters in log messages.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2023-03-16
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2023-03-16
CVE-2023-25280 (Known exploited)
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.
CVSS Score: 9.8 | EPSS Score: 0.931 | Published: 2023-03-16
A stack overflow vulnerability exists in the pingV4Msg component in D-Link DIR820LA1_FW105B03, allowing attackers to cause a denial of service via the nextPage parameter to ping.ccp.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2023-03-16
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2023-03-16
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
CVSS Score: 7.0 | EPSS Score: 0.0 | Published: 2023-03-16
A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer.
CVSS Score: 7.2 | EPSS Score: 0.011 | Published: 2023-03-15
CVE-2023-28461 (Known exploited)
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."
CVSS Score: 9.8 | EPSS Score: 0.893 | Published: 2023-03-15