Security Vulnerabilities - CVEs Published In August 2019
The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2019-08-12
The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2019-08-12
The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2019-08-12
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-08-12
In Storage Performance Development Kit (SPDK) before 19.07, a user of a vhost can cause a crash if the target is sent invalid input.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2019-08-12
An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2019-08-12
3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA%\3CXPhone for Windows\PhoneApp" installation directory, allowing Full Control access for Everyone, and leading to privilege escalation because of a StartUp link.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2019-08-12
An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write.
CVSS Score: 7.8 | EPSS Score: 0.004 | Published: 2019-08-11
Bagisto 0.1.5 allows CSRF under /admin URIs.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2019-08-11
An issue was discovered in GCDWebServer before 3.5.3. The method moveItem in the GCDWebUploader class checks the FileExtension of newAbsolutePath but not oldAbsolutePath. By leveraging this vulnerability, an adversary can make an inaccessible file be available (the credential of the app, for instance).
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2019-08-10

