Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2017
CVE-2015-3932
Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-07-21
CVE-2015-4639
Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-07-21
CVE-2015-5194
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
CVSS Score
7.5
EPSS Score
0.118
Published
2017-07-21
CVE-2015-5195
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
CVSS Score
7.5
EPSS Score
0.104
Published
2017-07-21
CVE-2015-5219
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
CVSS Score
7.5
EPSS Score
0.036
Published
2017-07-21
CVE-2015-5300
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
CVSS Score
7.5
EPSS Score
0.178
Published
2017-07-21
CVE-2017-10993
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
CVSS Score
8.8
EPSS Score
0.008
Published
2017-07-21
CVE-2017-9930
Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-07-21
CVE-2017-9931
Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-07-21
CVE-2017-9932
Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-07-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved