Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2019
CVE-2019-13648
In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-07-19
CVE-2019-13971
OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-19
CVE-2019-13972
LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-19
CVE-2019-13973
LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-07-19
CVE-2019-13974
LayerBB 1.1.3 allows conversations.php/cmd/new CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-07-19
CVE-2019-13977
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-07-19
CVE-2019-13978
Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-07-19
CVE-2019-13969
Metinfo 6.x allows SQL Injection via the id parameter in an admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1 request.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-07-19
CVE-2019-13970
In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-07-19
CVE-2019-7843
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Insufficient input validation vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVSS Score
7.5
EPSS Score
0.045
Published
2019-07-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved