Security Vulnerabilities - CVEs Published In March 2019
sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=add_post CSRF to add an admin account.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2019-03-11
The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2019-03-11
An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible."
CVSS Score: 8.1 | EPSS Score: 0.006 | Published: 2019-03-11
An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump.
CVSS Score: 8.8 | EPSS Score: 0.009 | Published: 2019-03-11
Checkstyle before 8.18 loads external DTDs by default.
CVSS Score: 5.3 | EPSS Score: 0.037 | Published: 2019-03-11
Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2019-03-11
Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2019-03-11
An issue was discovered in JTBC(PHP) 3.0.1.8. Its cache management module is flawed. An arbitrary file ending in "inc.php" can be deleted via a console/cache/manage.php?type=action&action=batch&batch=delete&ids=../ substring.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-03-11
An XSS issue was discovered in upcoming_events.php in the Upcoming Events plugin before 1.33 for MyBB via a crafted name for an event.
CVSS Score: 6.1 | EPSS Score: 0.033 | Published: 2019-03-11
An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the check_bad() function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions (such as "eval") are blocked but others (such as "system") are not, and because ".php" is blocked but ".PHP" is not blocked.
CVSS Score: 9.8 | EPSS Score: 0.012 | Published: 2019-03-11
Shodan ® - All rights reserved