Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2017
CVE-2017-5870
Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/<domain id>; the (4) goto parameter to alias/add/did/<domain id>; or the (5) captchatext parameter to auth/lost-password.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-05-23
CVE-2015-1529
Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android allows attacks to cause a denial of service via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-05-23
CVE-2015-4045
The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.
CVSS Score
6.7
EPSS Score
0.001
Published
2017-05-23
CVE-2015-4046
The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.
CVSS Score
7.2
EPSS Score
0.062
Published
2017-05-23
CVE-2015-4054
PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet.
CVSS Score
7.5
EPSS Score
0.034
Published
2017-05-23
CVE-2015-4455
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary.
CVSS Score
9.8
EPSS Score
0.803
Published
2017-05-23
CVE-2015-4704
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php.
CVSS Score
7.5
EPSS Score
0.074
Published
2017-05-23
CVE-2015-5381
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
CVSS Score
6.1
EPSS Score
0.024
Published
2017-05-23
CVE-2015-5382
program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.
CVSS Score
6.5
EPSS Score
0.01
Published
2017-05-23
CVE-2015-5383
Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.
CVSS Score
7.5
EPSS Score
0.018
Published
2017-05-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved