Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2017
CVE-2017-11494
SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action.
CVSS Score
9.8
EPSS Score
0.028
Published
2017-08-02
CVE-2017-12138
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.
CVSS Score
6.1
EPSS Score
0.131
Published
2017-08-02
CVE-2017-12139
XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-08-02
CVE-2017-12140
The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-08-02
CVE-2017-12141
In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-08-02
CVE-2017-12142
In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-08-02
CVE-2017-12143
In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-08-02
CVE-2017-12144
In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-08-02
CVE-2017-12145
In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-08-02
CVE-2017-12199
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item.
CVSS Score
9.8
EPSS Score
0.027
Published
2017-08-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved