Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2018
CVE-2018-12655
Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-06-22
CVE-2018-12656
Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-06-22
CVE-2018-12657
Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-06-22
CVE-2018-12658
Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-06-22
CVE-2018-12659
SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-06-22
CVE-2018-12649
An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-06-22
CVE-2018-1655
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.
CVSS Score
4.0
EPSS Score
0.001
Published
2018-06-22
CVE-2017-2668
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.
CVSS Score
6.5
EPSS Score
0.11
Published
2018-06-22
CVE-2017-7466
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
CVSS Score
8.0
EPSS Score
0.025
Published
2018-06-22
CVE-2018-12648
The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-06-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved