Security Vulnerabilities - CVEs Published In July 2017
SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2017-07-29
interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-07-29
Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2017-07-29
The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2017-07-29
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2017-07-29
A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
CVSS Score: 5.5 | EPSS Score: 0.002 | Published: 2017-07-29
A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1440) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
CVSS Score: 5.5 | EPSS Score: 0.002 | Published: 2017-07-29
A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1474) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
CVSS Score: 5.5 | EPSS Score: 0.002 | Published: 2017-07-29
An invalid memory read vulnerability was found in the function OpCode (called from isLogicalOp and decompileIF) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
CVSS Score: 5.5 | EPSS Score: 0.002 | Published: 2017-07-29
A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
CVSS Score: 5.5 | EPSS Score: 0.002 | Published: 2017-07-29



Shodan ® - All rights reserved