Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2023
CVE-2023-0956
External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-08-03
CVE-2023-38942
Dango-Translator v4.5.5 was discovered to contain a remote command execution (RCE) vulnerability via the component app/config/cloud_config.json.
CVSS Score
9.8
EPSS Score
0.046
Published
2023-08-03
CVE-2023-32764
Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-08-03
CVE-2023-35081
Known exploited
A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
CVSS Score
7.2
EPSS Score
0.921
Published
2023-08-03
CVE-2023-36217
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.
CVSS Score
9.0
EPSS Score
0.082
Published
2023-08-03
CVE-2023-39075
Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device.
CVSS Score
4.6
EPSS Score
0.0
Published
2023-08-03
CVE-2023-4145
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-08-03
CVE-2023-25524
NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.
CVSS Score
4.0
EPSS Score
0.002
Published
2023-08-03
CVE-2023-36213
SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function.
CVSS Score
9.8
EPSS Score
0.005
Published
2023-08-03
CVE-2023-38947
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-08-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved