Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2019
CVE-2019-10238
Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-27
CVE-2019-3829
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
CVSS Score
5.3
EPSS Score
0.041
Published
2019-03-27
CVE-2018-19641
Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
CVSS Score
6.1
EPSS Score
0.006
Published
2019-03-27
CVE-2018-19642
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
CVSS Score
5.1
EPSS Score
0.002
Published
2019-03-27
CVE-2019-10231
Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).
CVSS Score
9.8
EPSS Score
0.003
Published
2019-03-27
CVE-2019-10232
Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter in /scripts/unlock_tasks.php.
CVSS Score
9.8
EPSS Score
0.859
Published
2019-03-27
CVE-2019-10233
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
CVSS Score
8.1
EPSS Score
0.004
Published
2019-03-27
CVE-2018-19466
A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls.
CVSS Score
9.8
EPSS Score
0.12
Published
2019-03-27
CVE-2017-18364
phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter.
CVSS Score
7.4
EPSS Score
0.004
Published
2019-03-27
CVE-2017-2748
A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.
CVSS Score
7.5
EPSS Score
0.01
Published
2019-03-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved