Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2018
CVE-2018-15844
An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-08-25
CVE-2018-15845
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.
CVSS Score
8.8
EPSS Score
0.007
Published
2018-08-25
CVE-2018-15846
An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-08-25
CVE-2018-15847
An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the "Add Page/URL" URL link field.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-08-25
CVE-2018-15848
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-08-25
CVE-2018-15870
An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-08-25
CVE-2018-15871
An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-08-25
CVE-2018-15874
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-08-25
CVE-2018-15875
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-08-25
CVE-2018-15869
An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.
CVSS Score
5.3
EPSS Score
0.006
Published
2018-08-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved