Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2017
Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a "User Mode Write AV starting at reporter!madTraceProcess."
CVSS Score
9.8
EPSS Score
0.024
Published
2017-07-27
Reporter.exe in Acunetix 8 allows remote attackers to cause a denial of service (application crash) via a malformed PRE file, related to a "Read Access Violation starting at reporter!madTraceProcess."
CVSS Score
5.5
EPSS Score
0.002
Published
2017-07-27
The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index.
CVSS Score
8.8
EPSS Score
0.007
Published
2017-07-27
Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-07-27
SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-07-27
Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-07-27
Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-07-27
Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php.
CVSS Score
8.8
EPSS Score
0.006
Published
2017-07-27
Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) version, (2) url, or (3) rootdir parameter in hashcat.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-07-27
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
CVSS Score
6.5
EPSS Score
0.004
Published
2017-07-27


Contact Us

Shodan ® - All rights reserved