Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2018
CVE-2018-14364
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.
CVSS Score
9.8
EPSS Score
0.393
Published
2018-07-18
CVE-2018-14387
An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. The attacker can access the user's account through the active session. The Session Fixation attack fixes a session on the victim's browser, so the attack starts before the user logs in.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-07-18
CVE-2018-14388
joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2018-07-18
CVE-2018-14389
joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-07-18
CVE-2018-12429
JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-07-18
CVE-2018-14082
PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-07-18
CVE-2018-7546
wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-07-18
CVE-2018-10616
ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-07-18
CVE-2018-10877
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
CVSS Score
7.3
EPSS Score
0.003
Published
2018-07-18
CVE-2018-14380
In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-07-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved