Security Vulnerabilities - CVEs Published In March 2019
The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requested, the application responds with a 200 status code and empty page, and adds the requesting client device into the list of recognized devices.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2019-03-22
The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2019-03-22
The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-03-22
The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-03-22
The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-03-22
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2019-03-22
The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-03-22
The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-03-22
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.
CVSS Score: 6.1
EPSS Score: 0.09
Published: 2019-03-22
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location within the system. The issue lies in the loading of the shcore.dll and dcomp.dll files: these files are being searched for by the program in the same system-wide directory where the HTML file is executed.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2019-03-21


Shodan ® - All rights reserved