Security Vulnerabilities - CVEs Published In April 2018
Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2018-04-20
Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2018-04-20
Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality.
CVSS Score: 8.8 | EPSS Score: 0.018 | Published: 2018-04-20
Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2018-04-20
Digital Guardian Management Console 7.1.2.0015 has an XXE issue.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2018-04-20
Digital Guardian Management Console 7.1.2.0015 has a Directory Traversal issue.
CVSS Score: 6.5 | EPSS Score: 0.024 | Published: 2018-04-20
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form.
CVSS Score: 4.8 | EPSS Score: 0.009 | Published: 2018-04-20
The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2018-04-20
IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to discover SMTP server credentials via vectors related to the Alert management service. IBM X-Force ID: 95029.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2018-04-20
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172.
CVSS Score: 5.9 | EPSS Score: 0.002 | Published: 2018-04-20

