Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2018
CVE-2018-10100
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.
CVSS Score
6.1
EPSS Score
0.049
Published
2018-04-16
CVE-2018-10101
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.
CVSS Score
6.1
EPSS Score
0.07
Published
2018-04-16
CVE-2018-10102
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
CVSS Score
6.1
EPSS Score
0.027
Published
2018-04-16
CVE-2018-10106
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request.
CVSS Score
9.8
EPSS Score
0.008
Published
2018-04-16
CVE-2018-10107
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-04-16
CVE-2018-10108
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-04-16
CVE-2018-10109
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog.
CVSS Score
4.8
EPSS Score
0.003
Published
2018-04-16
CVE-2018-1000169
An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins.
CVSS Score
5.3
EPSS Score
0.001
Published
2018-04-16
CVE-2014-2069
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.
CVSS Score
7.5
EPSS Score
0.263
Published
2018-04-16
CVE-2014-1686
MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.
CVSS Score
5.3
EPSS Score
0.003
Published
2018-04-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved