Security Vulnerabilities - CVEs Published In April 2020
A-PDF WAV to MP3 version 1.0.0 suffers from an instance of CWE-121: Stack-based Buffer Overflow.
CVSS Score: 7.8 | EPSS Score: 0.004 | Published: 2020-04-29

AASync.com AASync version 2.2.1.0 suffers from an instance of CWE-121: Stack-based Buffer Overflow.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2020-04-29

An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL Injections.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2020-04-29

An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file upload.
CVSS Score: 8.8 | EPSS Score: 0.038 | Published: 2020-04-29

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.
CVSS Score: 7.5 | EPSS Score: 0.008 | Published: 2020-04-29

TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.
CVSS Score: 7.5 | EPSS Score: 0.237 | Published: 2020-04-29

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.
CVSS Score: 8.8 | EPSS Score: 0.024 | Published: 2020-04-29

Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.
CVSS Score: 9.8 | EPSS Score: 0.017 | Published: 2020-04-29

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVSS Score: 6.9 | EPSS Score: 0.237 | Published: 2020-04-29

admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2020-04-29

