Security Vulnerabilities - CVEs Published In August 2017
SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2017-08-07

XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-08-07

XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-08-07

XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-08-07

XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-08-07

XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-08-07

It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.
CVSS Score: 9.8 | EPSS Score: 0.749 | Published: 2017-08-07

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.
CVSS Score: 9.8 | EPSS Score: 0.718 | Published: 2017-08-07

It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges.
CVSS Score: 8.8 | EPSS Score: 0.135 | Published: 2017-08-07

ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.
CVSS Score: 8.8 | EPSS Score: 0.009 | Published: 2017-08-07


Shodan ® - All rights reserved