Security Vulnerabilities - CVEs Published In May 2019
Path Traversal and Unrestricted File Upload vulnerabilities exist in the Ninja Forms plugin before 3.0.23 for WordPress (when the Uploads add-on is activated). They allow an attacker to traverse the file system to access files and execute code via the includes/fields/upload.php (aka upload/submit page) name and tmp_name parameters.
CVSS Score: 8.1 | EPSS Score: 0.48 | Published: 2019-05-07
Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2019-05-07
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 leaks private information in firmware images.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2019-05-07
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.
CVSS Score: 8.2 | EPSS Score: 0.001 | Published: 2019-05-07
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2019-05-07
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2019-05-07
ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-05-07
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.
CVSS Score: 9.8 | EPSS Score: 0.434 | Published: 2019-05-07
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system.
CVSS Score: 4.9 | EPSS Score: 0.004 | Published: 2019-05-07
A buffer overflow vulnerability in the streaming server provided by HiSilicon in HI3516 models allows an unauthenticated attacker to remotely run arbitrary code by sending a special RTSP over HTTP packet. The vulnerability was found in many cameras using HiSilicon's hardware and software, as demonstrated by TENVIS cameras 1.3.3.3, 1.2.7.2, 1.2.1.4, 7.1.20.1.2, and 13.1.1.1.7.2; FDT FD7902 11.3.14.1.3 and 10.3.14.1.3; FOSCAM cameras 3.2.1.1.1_0815 and 3.2.2.2.1_0815; and Dericam cameras V11.3.8.1.12.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2019-05-07

