Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2018
CVE-2018-10322
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-04-24
CVE-2018-10323
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-04-24
CVE-2018-10328
Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream.
CVSS Score
7.4
EPSS Score
0.002
Published
2018-04-24
CVE-2018-10329
app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-04-24
CVE-2018-7751
The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.
CVSS Score
6.5
EPSS Score
0.011
Published
2018-04-24
CVE-2018-10305
The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-04-24
CVE-2018-10309
The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS.
CVSS Score
5.4
EPSS Score
0.003
Published
2018-04-24
CVE-2018-10311
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-04-24
CVE-2018-10312
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-04-24
CVE-2018-10313
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.
CVSS Score
5.4
EPSS Score
0.005
Published
2018-04-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved