Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2021
CVE-2021-37555
TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the default password of 059AnkJ for the root account. The user can then download the filesystem through preinstalled BusyBox utilities (e.g., tar and nc).
CVSS Score
9.8
EPSS Score
0.004
Published
2021-07-26
CVE-2020-23240
Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature.
CVSS Score
4.8
EPSS Score
0.005
Published
2021-07-26
CVE-2020-23241
Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via 'News > Article" feature.
CVSS Score
4.8
EPSS Score
0.005
Published
2021-07-26
CVE-2020-23242
Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-07-26
CVE-2020-23243
Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name="wrong_path_redirect" feature.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-07-26
CVE-2020-17952
A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code.
CVSS Score
9.8
EPSS Score
0.022
Published
2021-07-26
CVE-2020-18169
A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details
CVSS Score
7.8
EPSS Score
0.001
Published
2021-07-26
CVE-2020-18170
An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-07-26
CVE-2020-18171
TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details
CVSS Score
8.8
EPSS Score
0.0
Published
2021-07-26
CVE-2020-18172
A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-07-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved