Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2019
CVE-2019-11869
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user (it actually only verifies that the request is for an admin page). An unauthenticated attacker can inject a payload into the plugin settings, such as the yuzo_related_post_css_and_style setting.
CVSS Score
6.1
EPSS Score
0.114
Published
2019-05-09
CVE-2019-11870
Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-05-09
CVE-2018-20837
include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-05-09
CVE-2019-7652
TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be seen in the main dashboard. Thus, it is possible to do port scans on localhost and intranet hosts.
CVSS Score
7.7
EPSS Score
0.033
Published
2019-05-09
CVE-2016-1600
The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-05-09
CVE-2019-11842
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-05-09
CVE-2019-1568
Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-05-09
CVE-2017-12758
https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-05-09
CVE-2017-12759
Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote).
CVSS Score
9.8
EPSS Score
0.008
Published
2019-05-09
CVE-2017-12760
Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa 4.0 is affected by: SQL Injection. The impact is: Code execution (remote).
CVSS Score
8.8
EPSS Score
0.004
Published
2019-05-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved