Security Vulnerabilities - CVEs Published In March 2019
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.
CVSS Score
8.8
EPSS Score
0.014
Published
2019-03-07
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-07
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
CVSS Score
8.1
EPSS Score
0.005
Published
2019-03-07
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-03-07
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-03-07
An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerability via an article title to post.html.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-07
An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-07
An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-07
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-03-07
zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-03-07

