Security Vulnerabilities - CVEs Published In April 2017
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2017-04-24
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-04-24
XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2017-04-24
e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2017-04-24
There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request.
CVSS Score: 8.1 | EPSS Score: 0.002 | Published: 2017-04-24
There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2017-04-24
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2017-04-24
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2017-04-24
In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2017-04-24
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
CVSS Score: 5.3 | EPSS Score: 0.013 | Published: 2017-04-24

