Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2021
CVE-2020-21359
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name.
CVSS Score
9.8
EPSS Score
0.011
Published
2021-08-11
CVE-2020-21362
A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-08-11
CVE-2020-21363
An arbitrary file deletion vulnerability exists within Maccms10.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-08-11
CVE-2020-25560
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. We also observed the same is true if the JSESSIONID is completely removed.
CVSS Score
9.8
EPSS Score
0.009
Published
2021-08-11
CVE-2021-32439
Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
CVSS Score
7.8
EPSS Score
0.004
Published
2021-08-11
CVE-2021-32440
The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-08-11
CVE-2021-33793
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion.
CVSS Score
9.8
EPSS Score
0.0
Published
2021-08-11
CVE-2021-33794
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction.
CVSS Score
9.1
EPSS Score
0.0
Published
2021-08-11
CVE-2021-32437
The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-08-11
CVE-2021-32438
The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-08-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved