Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2023
CVE-2023-29459
The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary content into the context of the application. This can occur via the fcrbs schema or an explicit intent invocation.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-06-26
CVE-2023-33580
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.
CVSS Score
4.8
EPSS Score
0.005
Published
2023-06-26
CVE-2023-25306
MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-06-26
CVE-2023-25307
nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal.
CVSS Score
7.8
EPSS Score
0.002
Published
2023-06-26
CVE-2023-36301
Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-06-26
CVE-2023-30261
Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request.
CVSS Score
9.8
EPSS Score
0.537
Published
2023-06-26
CVE-2023-29437
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Steven A. Zahm Connections Business Directory plugin <= 10.4.36 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-06-26
CVE-2023-29438
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Martin SimpleModal Contact Form (SMCF) plugin <= 1.2.9 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-06-26
CVE-2023-29435
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Zwaply Cryptocurrency All-in-One plugin <= 3.0.19 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-06-26
CVE-2023-36631
Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password."
CVSS Score
7.8
EPSS Score
0.0
Published
2023-06-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved