Security Vulnerabilities - CVEs Published In May 2017
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
CVSS Score: 6.3; EPSS Score: 0.003; Published: 2017-05-15
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.
CVSS Score: 5.3; EPSS Score: 0.002; Published: 2017-05-15
In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.
CVSS Score: 4.3; EPSS Score: 0.001; Published: 2017-05-15
Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability).
CVSS Score: 3.3; EPSS Score: 0.001; Published: 2017-05-15
PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability).
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2017-05-15
Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.
CVSS Score: 10.0; EPSS Score: 0.104; Published: 2017-05-15
The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2017-05-14
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF.
CVSS Score: 8.8; EPSS Score: 0.003; Published: 2017-05-14
The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.
CVSS Score: 7.5; EPSS Score: 0.004; Published: 2017-05-14
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules.
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2017-05-14

