Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2019
CVE-2018-14494
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware
CVSS Score
9.8
EPSS Score
0.09
Published
2019-07-10
CVE-2019-12723
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.
CVSS Score
9.8
EPSS Score
0.01
Published
2019-07-10
CVE-2019-10119
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteApi account, aka HMCCU-154. This leads to automatic login as admin.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-07-10
CVE-2019-10120
On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16, automatic login configuration (aka setAutoLogin) can be achieved by continuing to use a session ID after a logout, aka HMCCU-154.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-07-10
CVE-2019-10121
eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.15 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via the user authentication dialogue, aka HMCCU-153. This leads to automatic login as admin.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-07-10
CVE-2019-10122
eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43.16 have buffer overflows in the ReGa ise GmbH HTTP-Server 2.0 component, aka HMCCU-179. This may lead to remote code execution.
CVSS Score
9.8
EPSS Score
0.035
Published
2019-07-10
CVE-2018-12622
An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-10
CVE-2018-12623
An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-10
CVE-2018-12625
An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-10
CVE-2018-12626
An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved