Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2020
CVE-2020-5751
Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted operator.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-05-07
CVE-2020-7646
curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-05-07
CVE-2020-11431
The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via Directory Traversal.
CVSS Score
9.1
EPSS Score
0.017
Published
2020-05-07
CVE-2020-12448
GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-05-07
CVE-2020-12608
An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter.
CVSS Score
7.8
EPSS Score
0.036
Published
2020-05-07
CVE-2020-12679
A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-05-07
CVE-2020-5743
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-05-07
CVE-2020-5744
Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.
CVSS Score
4.9
EPSS Score
0.003
Published
2020-05-07
CVE-2020-12683
Katyshop2 before 2.12 has multiple stored XSS issues.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-05-07
CVE-2020-12687
An issue was discovered in Serpico before 1.3.3. The /admin/attacments_backup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users (including administrators) from the database.
CVSS Score
6.5
EPSS Score
0.005
Published
2020-05-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved