Security Vulnerabilities - CVEs Published In July 2017
Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application.
CVSS Score: 8.0 | EPSS Score: 0.002 | Published: 2017-07-19

Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2017-07-19

Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-07-19

phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO to the search/tag/ URI.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2017-07-19

The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router does not validate the session token when returning answers for some methods in the URL '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords.
CVSS Score: 9.8 | EPSS Score: 0.173 | Published: 2017-07-19

D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2017-07-19

In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2017-07-19

In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter.
CVSS Score: 4.9 | EPSS Score: 0.009 | Published: 2017-07-19

The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2017-07-19

Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
CVSS Score: 9.8 | EPSS Score: 0.786 | Published: 2017-07-19

