Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2017
CVE-2016-8722
An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.
CVSS Score
5.3
EPSS Score
0.004
Published
2017-04-13
CVE-2016-8723
An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-04-13
CVE-2016-8724
An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information.
CVSS Score
5.3
EPSS Score
0.032
Published
2017-04-13
CVE-2016-8725
An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.
CVSS Score
5.3
EPSS Score
0.004
Published
2017-04-13
CVE-2016-8726
An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-04-13
CVE-2016-8727
An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-04-13
CVE-2012-1301
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.
CVSS Score
9.8
EPSS Score
0.032
Published
2017-04-13
CVE-2013-6648
SkRegion::setPath in Skia allows remote attackers to cause a denial of service (crash).
CVSS Score
7.5
EPSS Score
0.004
Published
2017-04-13
CVE-2013-6662
Google Chrome caches TLS sessions before certificate validation occurs.
CVSS Score
6.5
EPSS Score
0.0
Published
2017-04-13
CVE-2014-3887
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-04-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved