Security Vulnerabilities - CVEs Published In August 2019
The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2019-08-09
The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-08-09
The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2019-08-09
The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.
CVSS Score: 6.1 | EPSS Score: 0.03 | Published: 2019-08-09
The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2019-08-09
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.
CVSS Score: 9.8 | EPSS Score: 0.207 | Published: 2019-08-09
Aptana Jaxer 1.0.3.4547 has a local file inclusion vulnerability in the wikilite source code viewer. It allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
CVSS Score: 6.5 | EPSS Score: 0.409 | Published: 2019-08-09
On Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2019-08-08
Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2019-08-08
Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2019-08-08

