Security Vulnerabilities - CVEs Published In July 2018
MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2018-07-20
SeaCMS v6.61 allows remote code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2018-07-20
blog/index.php in SansCMS 0.7 has XSS via the q parameter.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-07-20
The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar.
CVSS Score: 6.1
EPSS Score: 0.005
Published: 2018-07-20
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2018-07-20
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2018-07-20
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2018-07-20
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2018-07-20
In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2018-07-20
espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 mishandles floating-point numbers with more than four digits after the decimal point, which might allow attackers to trigger currency transfers of unintended amounts.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2018-07-20

