Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2017
CVE-2017-9609
Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php.
CVSS Score
5.4
EPSS Score
0.012
Published
2017-07-17
CVE-2017-9669
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.
CVSS Score
7.8
EPSS Score
0.044
Published
2017-07-17
CVE-2017-9671
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block.
CVSS Score
7.8
EPSS Score
0.044
Published
2017-07-17
CVE-2017-9810
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
CVSS Score
8.8
EPSS Score
0.011
Published
2017-07-17
CVE-2017-9811
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.
CVSS Score
9.8
EPSS Score
0.247
Published
2017-07-17
CVE-2017-9812
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.
CVSS Score
7.5
EPSS Score
0.272
Published
2017-07-17
CVE-2017-9813
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).
CVSS Score
6.1
EPSS Score
0.029
Published
2017-07-17
CVE-2017-9933
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
CVSS Score
7.5
EPSS Score
0.0
Published
2017-07-17
CVE-2017-9934
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-07-17
CVE-2017-11127
Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-07-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved