Security Vulnerabilities - CVEs Published In April 2018
IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM X-Force ID: 138824.
CVSS Score: 8.8 | EPSS Score: 0.708 | Published: 2018-04-26
Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2018-04-26
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because SetParent is not properly considered.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2018-04-26
Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Source<script type="text/javascript" src=' line. Fix released on 2018-03-28.
CVSS Score: 7.8 | EPSS Score: 0.017 | Published: 2018-04-26
Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial '><script type="text/javascript" src=' line. Fix released on 2018-03-29.
CVSS Score: 7.8 | EPSS Score: 0.017 | Published: 2018-04-26
An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-04-26
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
CVSS Score: 8.8 | EPSS Score: 0.014 | Published: 2018-04-26
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2018-04-26
An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-04-26
mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article.
CVSS Score: 2.7 | EPSS Score: 0.002 | Published: 2018-04-26

