Security Vulnerabilities - CVEs Published In April 2017
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.
CVSS Score: 2.4 | EPSS Score: 0.002 | Published: 2017-04-03
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg.
CVSS Score: 9.8 | EPSS Score: 0.093 | Published: 2017-04-03
During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2017-04-03
Pulp before 2.3.0 uses the same certificate authority key and certificate for all installations.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2017-04-03
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
CVSS Score: 7.5 | EPSS Score: 0.281 | Published: 2017-04-03
mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code.
CVSS Score: 9.8 | EPSS Score: 0.012 | Published: 2017-04-03
Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2017-04-03
The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private SSH keys.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2017-04-03
lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2017-04-03
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2017-04-03