Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2017
CVE-2015-3654
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649.
CVSS Score
7.2
EPSS Score
0.009
Published
2017-08-29
CVE-2015-3655
Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-08-29
CVE-2015-3656
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks.
CVSS Score
7.2
EPSS Score
0.008
Published
2017-08-29
CVE-2015-3657
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors.
CVSS Score
7.2
EPSS Score
0.008
Published
2017-08-29
CVE-2015-4649
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.
CVSS Score
7.2
EPSS Score
0.009
Published
2017-08-29
CVE-2015-5209
Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.
CVSS Score
7.5
EPSS Score
0.036
Published
2017-08-29
CVE-2015-6588
Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-08-29
CVE-2015-6942
Cross-site scripting (XSS) vulnerability in Coremail XT3.0 allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-08-29
CVE-2015-7255
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.
CVSS Score
7.5
EPSS Score
0.008
Published
2017-08-29
CVE-2015-7517
Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/.
CVSS Score
9.8
EPSS Score
0.038
Published
2017-08-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved