Security Vulnerabilities - CVEs Published In May 2018
The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-05-07
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.
CVSS Score
6.5
EPSS Score
0.009
Published
2018-05-06
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
CVSS Score
6.5
EPSS Score
0.015
Published
2018-05-06
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
CVSS Score
6.5
EPSS Score
0.758
Published
2018-05-06
An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-05-06
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-05-05
CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt.
CVSS Score
9.8
EPSS Score
0.052
Published
2018-05-05
The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-05-05
The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-05-05
Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS Score
9.8
EPSS Score
0.01
Published
2018-05-05

