Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2018
CVE-2018-9034
Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2018-04-04
CVE-2018-9035
CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.
CVSS Score
9.6
EPSS Score
0.088
Published
2018-04-04
CVE-2018-9115
Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently. e.g., information utilizing the NVG interface. An attacker can freeze the Situational Layer, which means that the Situational Picture is no longer updated. Unfortunately, the user cannot notice until he tries to work with that layer.
CVSS Score
5.3
EPSS Score
0.204
Published
2018-04-04
CVE-2018-9126
The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.
CVSS Score
9.8
EPSS Score
0.833
Published
2018-04-04
CVE-2018-9284
authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.076
Published
2018-04-04
CVE-2018-9285
Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT-AC86U, RT-AC88U, RT-AC1900, RT-AC2900, and RT-AC3100 devices before 3.0.0.4.384_10007; RT-N18U devices before 3.0.0.4.382.39935; RT-AC87U and RT-AC3200 devices before 3.0.0.4.382.50010; and RT-AC5300 devices before 3.0.0.4.384.20287 allows OS command injection via the pingCNT and destIP fields of the SystemCmd variable.
CVSS Score
9.8
EPSS Score
0.084
Published
2018-04-04
CVE-2017-6424
An elevation of privilege vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-32086742. References: QC-CR#1102648.
CVSS Score
7.0
EPSS Score
0.001
Published
2018-04-04
CVE-2017-6425
An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689.
CVSS Score
3.3
EPSS Score
0.001
Published
2018-04-04
CVE-2017-6426
An information disclosure vulnerability in the Qualcomm SPMI driver. Product: Android. Versions: Android kernel. Android ID: A-33644474. References: QC-CR#1106842.
CVSS Score
3.3
EPSS Score
0.001
Published
2018-04-04
CVE-2018-1421
IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023.
CVSS Score
7.1
EPSS Score
0.003
Published
2018-04-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved