Security Vulnerabilities - CVEs Published In March 2020
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542).
CVSS Score: 9.1 | EPSS Score: 0.004 | Published: 2020-03-17
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543).
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2020-03-17
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
CVSS Score: 9.8 | EPSS Score: 0.028 | Published: 2020-03-17
The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress allows Directory Traversal to obtain a directory listing via the views/admin/dashboard/ URI.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2020-03-17
Subrion CMS 4.1.5 (and possibly earlier versions) allows CSRF to change the administrator password via the panel/members/edit/1 URI.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2020-03-17
A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges (although not controlling the contents of such files) due to insufficient sanitisation when passing arguments to the phantomjs.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Full Web Page Sensor and set specific settings when executing the sensor.
CVSS Score: 7.2 | EPSS Score: 0.05 | Published: 2020-03-17
cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499).
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2020-03-17
cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516).
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2020-03-17
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520).
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2020-03-17
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution.
CVSS Score: 8.8 | EPSS Score: 0.044 | Published: 2020-03-17
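The Pydio entry above names the bug class (PHP object injection) but not its mechanism. The script below is an added, generic illustration of that class, not Pydio's code and not the RecycleBinManager.php defect itself: unserialize() on attacker-controlled input lets the attacker choose the class and property values of the object that gets created, so any loaded class whose magic method does something sensitive (here, a hypothetical CacheFile whose __destruct writes a file) becomes a gadget. The CacheFile class, the temp-file path and the hand-built payload are constructed for this example; the hardened variant relies on the allowed_classes option of unserialize(), which exists since PHP 7.0.

```php
<?php
// Added example (not Pydio code): the generic mechanism of PHP object injection
// and a hardened alternative. CacheFile is a hypothetical application class.

class CacheFile
{
    public $path;
    public $data;

    // Magic method that runs when the object is garbage-collected. Legitimate
    // when the application built the object; a gadget when an attacker did,
    // because the attacker then chooses $path and $data.
    public function __destruct()
    {
        file_put_contents($this->path, $this->data);
    }
}

// Vulnerable pattern: deserializing a string the user controls (cookie, POST
// field, stored preference). Any class loaded in the process can be instantiated.
function restoreVulnerable(string $blob)
{
    return unserialize($blob);
}

// Hardened pattern: forbid object instantiation entirely. Objects in the input
// become __PHP_Incomplete_Class instances, whose magic methods never execute
// (allowed_classes requires PHP >= 7.0). If the data is really only scalars and
// arrays, json_decode() is the better choice; if objects must survive a round
// trip, authenticate the blob with an HMAC before unserializing it.
function restoreHardened(string $blob)
{
    return unserialize($blob, ['allowed_classes' => false]);
}

// Constructed attacker input. The attacker needs only the class name and its
// property names, not the source. The serialized form is written by hand here
// so the script never instantiates CacheFile itself (which would also fire
// the destructor).
$target  = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'poi_demo.txt';
$content = "created by an injected CacheFile object\n";
$payload = sprintf(
    'O:9:"CacheFile":2:{s:4:"path";s:%d:"%s";s:4:"data";s:%d:"%s";}',
    strlen($target), $target, strlen($content), $content
);

@unlink($target);
$obj = restoreVulnerable($payload);
printf("vulnerable: got %s\n", get_class($obj));
unset($obj);                         // destructor fires here and writes $target
printf("vulnerable: file written? %s\n", file_exists($target) ? 'yes' : 'no');

@unlink($target);
$obj = restoreHardened($payload);
printf("hardened: got %s\n", get_class($obj));
unset($obj);                         // incomplete class has no destructor
printf("hardened: file written? %s\n", file_exists($target) ? 'yes' : 'no');
```

Run it with any PHP 7.0 or later CLI. In the vulnerable path the object is a real CacheFile and the file appears in the temp directory as soon as the reference is dropped; in the hardened path the same bytes yield an __PHP_Incomplete_Class and nothing is written. When auditing for this class of bug, grep for unserialize() calls whose argument can be traced to request data, then enumerate loaded classes with __destruct, __wakeup, __toString or __call implementations that touch files, databases or eval-like sinks.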



Shodan ® - All rights reserved