Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2017
CVE-2017-6957
Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE (156).
CVSS Score
8.1
EPSS Score
0.149
Published
2017-03-27
CVE-2017-6002
Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-03-27
CVE-2017-6003
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-03-27
CVE-2017-6013
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-03-27
CVE-2017-6066
Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-03-27
CVE-2017-6067
Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-03-27
CVE-2017-6068
Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-03-27
CVE-2017-6069
Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-03-27
CVE-2017-7269
Known exploited
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
CVSS Score
9.8
EPSS Score
0.944
Published
2017-03-27
CVE-2017-5622
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information.
CVSS Score
5.9
EPSS Score
0.001
Published
2017-03-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved