Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2018
CVE-2018-3787
Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server.
CVSS Score
7.5
EPSS Score
0.005
Published
2018-08-31
CVE-2018-7685
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-08-31
CVE-2018-16275
OPSWAT MetaDefender before v4.11.2 allows CSV injection.
CVSS Score
7.8
EPSS Score
0.003
Published
2018-08-31
CVE-2018-16231
Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows remote attackers to cause a denial of service (daemon crash) via an unspecified sequence of FTP commands.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-08-30
CVE-2018-16233
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-08-30
CVE-2018-16234
MorningStar WhatWeb 0.4.9 has XSS via JSON report files.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-08-30
CVE-2018-16236
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-08-30
CVE-2018-16237
An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI.
CVSS Score
2.7
EPSS Score
0.002
Published
2018-08-30
CVE-2018-16238
An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file.
CVSS Score
7.2
EPSS Score
0.022
Published
2018-08-30
CVE-2018-16239
An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-08-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved