Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2017
CVE-2017-11320
Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-08-03
CVE-2017-11721
Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.
CVSS Score
9.8
EPSS Score
0.032
Published
2017-08-03
CVE-2017-7442
Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.
CVSS Score
8.8
EPSS Score
0.69
Published
2017-08-03
CVE-2017-11383
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560.
CVSS Score
9.8
EPSS Score
0.072
Published
2017-08-02
CVE-2017-11384
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561.
CVSS Score
9.8
EPSS Score
0.072
Published
2017-08-02
CVE-2017-11385
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545.
CVSS Score
9.8
EPSS Score
0.072
Published
2017-08-02
CVE-2017-11386
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549.
CVSS Score
9.8
EPSS Score
0.072
Published
2017-08-02
CVE-2017-11387
Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512.
CVSS Score
7.5
EPSS Score
0.021
Published
2017-08-02
CVE-2017-11388
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638.
CVSS Score
8.8
EPSS Score
0.078
Published
2017-08-02
CVE-2017-11389
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684.
CVSS Score
9.8
EPSS Score
0.077
Published
2017-08-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved