Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2017
CVE-2017-9557
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-06-12
CVE-2014-9984
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.
CVSS Score
9.8
EPSS Score
0.007
Published
2017-06-12
CVE-2017-9418
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.
CVSS Score
8.8
EPSS Score
0.01
Published
2017-06-12
CVE-2017-8834
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.
CVSS Score
6.5
EPSS Score
0.01
Published
2017-06-12
CVE-2017-8871
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
CVSS Score
6.5
EPSS Score
0.017
Published
2017-06-12
CVE-2017-9122
The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
CVSS Score
6.5
EPSS Score
0.062
Published
2017-06-12
CVE-2017-9123
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
CVSS Score
6.5
EPSS Score
0.029
Published
2017-06-12
CVE-2017-9124
The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
CVSS Score
6.5
EPSS Score
0.076
Published
2017-06-12
CVE-2017-9125
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.
CVSS Score
6.5
EPSS Score
0.029
Published
2017-06-12
CVE-2017-9126
The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
CVSS Score
6.5
EPSS Score
0.029
Published
2017-06-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved