Security Vulnerabilities - CVEs Published In April 2021
docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-04-02
Because of an incorrectly escaped exec command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add an extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php pages: if you send a specific HTTPS URL in the RSS URL field, you are able to execute arbitrary commands.
CVSS Score: 9.8 | EPSS Score: 0.046 | Published: 2021-04-02
Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's possible to request any internal page if you use an HTTPS request.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2021-04-02
An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2021-04-02
Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2021-04-02
Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2021-04-02
A vulnerability in emlog v6.0.0 allows a user to upload webshells via the zip plugin module.
CVSS Score: 9.8 | EPSS Score: 0.13 | Published: 2021-04-02
Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a denial of service (crash) via a long string in the Setup->Users->Username editbox.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2021-04-02
Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2021-04-02
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2021-04-02

