Security Vulnerabilities - CVEs Published In May 2020
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows a session to be aborted; no data extraction is possible. This has been fixed in 2.0.0.
CVSS Score: 2.2 | EPSS Score: 0.001 | Published: 2020-05-07
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2020-05-07
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request.
CVSS Score: 7.5 | EPSS Score: 0.905 | Published: 2020-05-07
UliCMS before 2020.2 has XSS during PackageController uninstall.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2020-05-07
UliCMS before 2020.2 has PageController stored XSS.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2020-05-07
Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2020-05-07
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php.
CVSS Score: 5.4 | EPSS Score: 0.014 | Published: 2020-05-07
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2020-05-07
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2020-05-07
CVE-2020-4427 (Known exploited)
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.
CVSS Score: 9.0 | EPSS Score: 0.51 | Published: 2020-05-07
Shodan ® - All rights reserved