Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2017
CVE-2014-9834
Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-03-22
CVE-2014-9835
Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-03-22
CVE-2014-9836
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-03-22
CVE-2014-9838
magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).
CVSS Score
5.5
EPSS Score
0.004
Published
2017-03-22
CVE-2014-9839
magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).
CVSS Score
7.5
EPSS Score
0.007
Published
2017-03-22
CVE-2014-9840
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-03-22
CVE-2017-6970
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.
CVSS Score
8.4
EPSS Score
0.004
Published
2017-03-22
CVE-2017-6971
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862.
CVSS Score
8.8
EPSS Score
0.363
Published
2017-03-22
CVE-2017-5874
CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact.
CVSS Score
8.8
EPSS Score
0.0
Published
2017-03-22
CVE-2017-7222
A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php).
CVSS Score
6.1
EPSS Score
0.003
Published
2017-03-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved