Security Vulnerabilities - CVEs Published In April 2018
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts.
CVSS Score: 9.8 | EPSS Score: 0.109 | Published: 2018-04-18
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism.
CVSS Score: 9.8 | EPSS Score: 0.043 | Published: 2018-04-18
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions.
CVSS Score: 9.8 | EPSS Score: 0.025 | Published: 2018-04-18
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries).
CVSS Score: 7.2 | EPSS Score: 0.074 | Published: 2018-04-18
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts.
CVSS Score: 9.8 | EPSS Score: 0.081 | Published: 2018-04-18
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account.
CVSS Score: 7.2 | EPSS Score: 0.022 | Published: 2018-04-18
Mautic before v2.13.0 has stored XSS via a theme config file.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-04-18
Mautic before 2.13.0 allows CSV injection.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2018-04-18
In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-04-18
In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-04-18

