Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2023
CVE-2023-36162
Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in adminlist.php.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-07-03
CVE-2023-36183
Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-07-03
CVE-2023-36222
Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-07-03
CVE-2023-36223
Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings function.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-07-03
CVE-2023-36258
An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.
CVSS Score
9.8
EPSS Score
0.005
Published
2023-07-03
CVE-2023-36291
Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file.
CVSS Score
6.1
EPSS Score
0.005
Published
2023-07-03
CVE-2023-36377
Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-07-03
CVE-2023-36610
​The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-07-03
CVE-2023-36608
The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-07-03
CVE-2023-36609
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-07-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved