Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2018
CVE-2017-15408
Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.
CVSS Score
8.8
EPSS Score
0.012
Published
2018-08-28
CVE-2017-15407
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.
CVSS Score
8.8
EPSS Score
0.021
Published
2018-08-28
CVE-2018-3926
An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory, leading to an infinite loop, which eventually causes the process to crash. An attacker can send an HTTP request to trigger this vulnerability.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-08-28
CVE-2014-6047
phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks.
CVSS Score
5.3
EPSS Score
0.047
Published
2018-08-28
CVE-2014-6048
phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request.
CVSS Score
5.3
EPSS Score
0.06
Published
2018-08-28
CVE-2014-6049
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter.
CVSS Score
2.7
EPSS Score
0.015
Published
2018-08-28
CVE-2014-6050
phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request.
CVSS Score
5.3
EPSS Score
0.049
Published
2018-08-28
CVE-2018-15529
A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
CVSS Score
8.8
EPSS Score
0.346
Published
2018-08-28
CVE-2018-15571
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection.
CVSS Score
8.6
EPSS Score
0.003
Published
2018-08-28
CVE-2018-15839
D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.
CVSS Score
9.8
EPSS Score
0.511
Published
2018-08-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved