Security Vulnerabilities - CVEs Published In April 2017
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2017-04-12
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.
CVSS Score: 7.5 | EPSS Score: 0.025 | Published: 2017-04-12
An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the "token" cookie issued at login.
CVSS Score: 9.8 | EPSS Score: 0.045 | Published: 2017-04-12
An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable.
CVSS Score: 9.8 | EPSS Score: 0.086 | Published: 2017-04-12
An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload.
CVSS Score: 8.8 | EPSS Score: 0.074 | Published: 2017-04-12
An attacker who has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged-in account without knowing the current password. This allows for an account takeover.
CVSS Score: 8.8 | EPSS Score: 0.038 | Published: 2017-04-12
Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9.
CVSS Score: 7.5 | EPSS Score: 0.029 | Published: 2017-04-12
Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.
CVSS Score: 9.8 | EPSS Score: 0.342 | Published: 2017-04-12
Stack-based buffer overflow in game-music-emu before 0.6.1.
CVSS Score: 7.8 | EPSS Score: 0.003 | Published: 2017-04-12
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
CVSS Score: 7.8 | EPSS Score: 0.003 | Published: 2017-04-12

