Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2018
CVE-2013-7201
WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.
CVSS Score
7.4
EPSS Score
0.009
Published
2018-04-27
CVE-2013-7202
The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system.
CVSS Score
8.1
EPSS Score
0.014
Published
2018-04-27
CVE-2014-0841
IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704.
CVSS Score
5.3
EPSS Score
0.0
Published
2018-04-27
CVE-2014-1845
An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-04-27
CVE-2014-1846
Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-04-27
CVE-2014-2552
Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data.
CVSS Score
9.8
EPSS Score
0.039
Published
2018-04-27
CVE-2015-1857
The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions.
CVSS Score
5.3
EPSS Score
0.003
Published
2018-04-27
CVE-2018-10503
An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-04-27
CVE-2018-10504
The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.
CVSS Score
7.8
EPSS Score
0.03
Published
2018-04-27
CVE-2018-1479
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 140761.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-04-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved