Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2018
CVE-2018-9027
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-06-18
CVE-2018-9028
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.
CVSS Score
7.5
EPSS Score
0.001
Published
2018-06-18
CVE-2018-9029
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-06-18
CVE-2018-1060
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
CVSS Score
4.3
EPSS Score
0.011
Published
2018-06-18
CVE-2018-1090
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets.
CVSS Score
5.5
EPSS Score
0.003
Published
2018-06-18
CVE-2018-1152
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
CVSS Score
6.5
EPSS Score
0.007
Published
2018-06-18
CVE-2018-1153
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic.
CVSS Score
7.4
EPSS Score
0.001
Published
2018-06-18
CVE-2018-12530
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-06-18
CVE-2018-12531
An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.
CVSS Score
9.8
EPSS Score
0.01
Published
2018-06-18
CVE-2018-12534
A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-06-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved