Security Vulnerabilities - CVEs Published In March 2020
HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2020-03-09
Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxy traffic to HTTPS sites but do not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. No special action is necessary by the victim using AntiTrack with "Allow filtering of HTTPS traffic for tracking detection" enabled. (This is the default configuration.)
CVSS Score: 7.4 | EPSS Score: 0.001 | Published: 2020-03-09
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2020-03-09
SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php.
CVSS Score: 7.2 | EPSS Score: 0.003 | Published: 2020-03-09
JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2020-03-09
JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action.
CVSS Score: 7.2 | EPSS Score: 0.003 | Published: 2020-03-09
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2020-03-09
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.
CVSS Score: 7.2 | EPSS Score: 0.003 | Published: 2020-03-09
In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400, 8401, 8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2020-03-09
Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. (
CVSS Score: 10.0 | EPSS Score: 0.007 | Published: 2020-03-09

