Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2017
CVE-2017-12637
Known exploited
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
CVSS Score
7.5
EPSS Score
0.934
Published
2017-08-07
CVE-2017-12655
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-08-07
CVE-2014-1235
Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978.
CVSS Score
7.8
EPSS Score
0.012
Published
2017-08-07
CVE-2014-3462
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".
CVSS Score
7.5
EPSS Score
0.011
Published
2017-08-07
CVE-2014-9827
coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
CVSS Score
8.8
EPSS Score
0.004
Published
2017-08-07
CVE-2014-9828
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-08-07
CVE-2014-9830
coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-08-07
CVE-2014-9831
coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-08-07
CVE-2015-5244
The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-08-07
CVE-2015-5946
Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-08-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved