Security Vulnerabilities - CVEs Published In June 2020
An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2020-06-01
An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.
CVSS Score: 6.5 | EPSS Score: 0.006 | Published: 2020-06-01
In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file.
CVSS Score: 7.2 | EPSS Score: 0.004 | Published: 2020-06-01
Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2020-06-01
Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2020-06-01
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2020-06-01
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2020-06-01
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2020-06-01
Lexiglot through 2014-11-20 allows CSRF.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2020-06-01
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2020-06-01

