Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2018
CVE-2018-7660
In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via the servlet/Download _docbase or _username parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-04-11
CVE-2018-9991
Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-11
CVE-2018-9992
Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-11
CVE-2018-10016
Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-04-11
CVE-2018-10017
soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops.
CVSS Score
6.5
EPSS Score
0.008
Published
2018-04-11
CVE-2017-18259
Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-04-11
CVE-2017-18260
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).
CVSS Score
8.8
EPSS Score
0.002
Published
2018-04-11
CVE-2017-9838
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters).
CVSS Score
5.4
EPSS Score
0.002
Published
2018-04-11
CVE-2017-9839
Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter).
CVSS Score
8.8
EPSS Score
0.002
Published
2018-04-11
CVE-2018-10000
The Video Downloader professional extension before 2018-04-05 for Chrome has Universal XSS (UXSS) via vectors related to a link64_msgAddLinks event.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-04-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved