Security Vulnerabilities - CVEs Published In June 2019
In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running BubbleUPnP, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack the cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
CVSS Score: 9.8 | EPSS Score: 0.021 | Published: 2019-06-19
CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2019-06-19
SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2019-06-19
SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2019-06-19
SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2019-06-19
An issue was discovered in e107 v2.1.9. There is an XSS attack on e107_admin/comment.php.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2019-06-19
SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2019-06-19
SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2019-06-19
OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud (e.g. by renting one). From the source server, the attacker can craft any command and trigger the OnApp platform to execute that command with root privileges on a target server.
CVSS Score: 6.6 | EPSS Score: 0.003 | Published: 2019-06-19
An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An integer overflow in the jp2 parsing library allows an attacker to overwrite memory and to execute arbitrary code.
CVSS Score: 8.8 | EPSS Score: 0.009 | Published: 2019-06-19

