Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2020
CVE-2020-14489
OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques.
CVSS Score
6.2
EPSS Score
0.001
Published
2020-07-29
CVE-2020-5612
Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-07-29
CVE-2020-5613
Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-07-29
CVE-2020-5614
Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-07-29
CVE-2020-6098
An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. A specially crafted Diameter request can trigger a memory corruption resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-07-28
CVE-2020-11474
NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant.
CVSS Score
7.8
EPSS Score
0.002
Published
2020-07-28
CVE-2020-11476
Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file.
CVSS Score
7.2
EPSS Score
0.01
Published
2020-07-28
CVE-2020-13970
Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. This allows an authenticated user to send HTTP, HTTPS, FTP, and SFTP requests on behalf of the Shopware platform server.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-07-28
CVE-2020-13971
In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-07-28
CVE-2020-13997
In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled.
CVSS Score
7.5
EPSS Score
0.01
Published
2020-07-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved