Security Vulnerabilities - CVEs Published In June 2020
The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2020-06-22
Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter.
CVSS Score: 7.5 | EPSS Score: 0.918 | Published: 2020-06-22
Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818.
CVSS Score: 9.8 | EPSS Score: 0.176 | Published: 2020-06-22
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2020-06-22
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user via the user_name, user_firstname, or user_lastname parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2020-06-22
Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2020-06-22
Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this issue exists because of an incomplete fix for CVE-2019-12569.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2020-06-22
Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2020-06-22
The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-06-22
The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation.
CVSS Score: 5.9 | EPSS Score: 0.001 | Published: 2020-06-22

