Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2016
CVE-2016-0349
IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call.
CVSS Score
6.5
EPSS Score
0.001
Published
2016-06-30
CVE-2016-0322
Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML by uploading an HTML document.
CVSS Score
5.4
EPSS Score
0.002
Published
2016-06-30
CVE-2016-5839
WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.011
Published
2016-06-29
CVE-2016-5838
WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.
CVSS Score
7.5
EPSS Score
0.017
Published
2016-06-29
CVE-2016-5837
WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.008
Published
2016-06-29
CVE-2016-5836
The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.072
Published
2016-06-29
CVE-2016-5835
WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.
CVSS Score
7.5
EPSS Score
0.019
Published
2016-06-29
CVE-2016-5834
Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833.
CVSS Score
6.1
EPSS Score
0.009
Published
2016-06-29
CVE-2016-5833
Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834.
CVSS Score
6.1
EPSS Score
0.009
Published
2016-06-29
CVE-2016-5832
The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.017
Published
2016-06-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved