Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2019
CVE-2018-18261
In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-04-15
CVE-2017-7771
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
CVSS Score
8.1
EPSS Score
0.004
Published
2019-04-15
CVE-2017-7773
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-04-15
CVE-2017-7774
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.
CVSS Score
9.1
EPSS Score
0.006
Published
2019-04-15
CVE-2017-7776
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
CVSS Score
8.1
EPSS Score
0.005
Published
2019-04-15
CVE-2017-7777
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-04-15
CVE-2017-18366
Subrion CMS 4.1.5 has CSRF in blog/delete/.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-04-15
CVE-2018-16257
There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator
CVSS Score
6.1
EPSS Score
0.002
Published
2019-04-12
CVE-2018-16258
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator
CVSS Score
6.1
EPSS Score
0.002
Published
2019-04-12
CVE-2018-16259
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator
CVSS Score
6.1
EPSS Score
0.002
Published
2019-04-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved