Security Vulnerabilities - CVEs Published In June 2018
A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files (execute PHP code) or read non-PHP files by replacing a helper.json file.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2018-06-08
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.
CVSS Score: 9.8 | EPSS Score: 0.022 | Published: 2018-06-08
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type.
CVSS Score: 9.8 | EPSS Score: 0.024 | Published: 2018-06-08
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.
CVSS Score: 9.8 | EPSS Score: 0.022 | Published: 2018-06-08
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.
CVSS Score: 7.5 | EPSS Score: 0.438 | Published: 2018-06-08
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.
CVSS Score: 7.5 | EPSS Score: 0.708 | Published: 2018-06-08
Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-06-08
Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-06-08
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.
CVSS Score: 9.8 | EPSS Score: 0.01 | Published: 2018-06-08
An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Attackers can remotely deny service by sending specially constructed 802.11 frames.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2018-06-08

