Security Vulnerabilities - CVEs Published In March 2020
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2020-03-09
SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php.
CVSS Score: 7.2; EPSS Score: 0.003; Published: 2020-03-09
JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script.
CVSS Score: 8.8; EPSS Score: 0.004; Published: 2020-03-09
JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action.
CVSS Score: 7.2; EPSS Score: 0.003; Published: 2020-03-09
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.
CVSS Score: 8.8; EPSS Score: 0.004; Published: 2020-03-09
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.
CVSS Score: 7.2; EPSS Score: 0.003; Published: 2020-03-09
In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.
CVSS Score: 6.5; EPSS Score: 0.005; Published: 2020-03-09
Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. (
CVSS Score: 10.0; EPSS Score: 0.011; Published: 2020-03-09
In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
CVSS Score: 4.3; EPSS Score: 0.003; Published: 2020-03-09
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2020-03-09

