Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2016
CVE-2016-1175
Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users.
CVSS Score
4.3
EPSS Score
0.001
Published
2016-04-05
CVE-2016-0289
shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.001
Published
2016-04-05
CVE-2015-8523
The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port.
CVSS Score
7.5
EPSS Score
0.016
Published
2016-04-05
CVE-2015-8522
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8521.
CVSS Score
9.8
EPSS Score
0.089
Published
2016-04-05
CVE-2015-8521
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522.
CVSS Score
9.8
EPSS Score
0.089
Published
2016-04-05
CVE-2015-8520
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8521, and CVE-2015-8522.
CVSS Score
9.8
EPSS Score
0.089
Published
2016-04-05
CVE-2015-8519
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8520, CVE-2015-8521, and CVE-2015-8522.
CVSS Score
9.8
EPSS Score
0.089
Published
2016-04-05
CVE-2016-2343
Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements.
CVSS Score
9.8
EPSS Score
0.008
Published
2016-04-01
CVE-2016-2289
Directory traversal vulnerability in ICONICS WebHMI 9 and earlier allows remote attackers to read configuration files, and consequently discover password hashes, via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.011
Published
2016-04-01
CVE-2016-0793
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters.
CVSS Score
7.5
EPSS Score
0.322
Published
2016-04-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved