Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2022
CVE-2022-26019
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-03-31
CVE-2022-27496
Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-03-31
CVE-2022-28128
Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-03-31
CVE-2021-43663
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check.
CVSS Score
7.5
EPSS Score
0.008
Published
2022-03-31
CVE-2021-43661
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-03-31
CVE-2021-43662
totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-03-31
CVE-2022-25008
totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-03-30
CVE-2022-26644
Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-03-30
CVE-2022-26645
A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function.
CVSS Score
9.8
EPSS Score
0.03
Published
2022-03-30
CVE-2022-26646
Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-03-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved