Security Vulnerabilities - CVEs Published In June 2019
Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2019-06-28
The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read local files via a crafted module description.
CVSS Score: 4.9 | EPSS Score: 0.003 | Published: 2019-06-28
Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and to disclose database names via a crafted request.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2019-06-28
LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.
CVSS Score: 9.1 | EPSS Score: 0.682 | Published: 2019-06-28
LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal.
CVSS Score: 7.5 | EPSS Score: 0.731 | Published: 2019-06-28
Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allows code injection via a template, leading to remote code execution. All backend versions prior to prod-2018-11-13-15-00-42 are affected.
CVSS Score: 8.1 | EPSS Score: 0.029 | Published: 2019-06-28
The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1.9.0 on-premises messenger server allows stored XSS. All backend versions prior to prod-2018-11-13-15-00-42 are affected.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-06-28
An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2019-06-28
An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2019-06-28
LOYTEC LGATE-902 6.3.2 devices allow XSS.
CVSS Score: 6.1 | EPSS Score: 0.018 | Published: 2019-06-28

