Security Vulnerabilities - CVEs Published In June 2018
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2018-06-22
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2018-06-22
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2018-06-22
tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2018-06-22
tinyexr 0.9.5 has a segmentation fault in the wav2Decode function.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2018-06-22
ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS when a Symbol is used as the DLL name instead of a String. This vulnerability appears to have been fixed in v1.9.24 and later.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2018-06-22
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2018-06-22
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
CVSS Score: 7.2 | EPSS Score: 0.484 | Published: 2018-06-22
NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface.
CVSS Score: 5.3 | EPSS Score: 0.014 | Published: 2018-06-22
Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-06-22
Shodan ® - All rights reserved