Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2020
CVE-2019-10146
A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser.
CVSS Score
4.7
EPSS Score
0.003
Published
2020-03-18
CVE-2019-10682
django-nopassword before 5.0.0 stores cleartext secrets in the database.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-03-18
CVE-2019-11688
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation.
CVSS Score
7.4
EPSS Score
0.004
Published
2020-03-18
CVE-2019-11689
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root.
CVSS Score
8.1
EPSS Score
0.024
Published
2020-03-18
CVE-2020-9324
Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-03-18
CVE-2020-9325
Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-03-18
CVE-2020-4199
IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174910.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-03-18
CVE-2020-6976
Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation.
CVSS Score
5.5
EPSS Score
0.003
Published
2020-03-18
CVE-2020-9323
Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx.
CVSS Score
5.3
EPSS Score
0.016
Published
2020-03-18
CVE-2019-14883
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token.
CVSS Score
3.7
EPSS Score
0.003
Published
2020-03-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved