Security Vulnerabilities - CVEs Published In June 2017
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.
CVSS Score: 7.5 | EPSS Score: 0.08 | Published: 2017-06-02
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.
CVSS Score: 7.5 | EPSS Score: 0.008 | Published: 2017-06-02
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
CVSS Score: 7.5 | EPSS Score: 0.012 | Published: 2017-06-02
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2017-06-02
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2017-06-02
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-06-02
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request.
CVSS Score: 9.8 | EPSS Score: 0.055 | Published: 2017-06-02
Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2017-06-02
CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2017-06-02
Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2017-06-02

