Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2019
CVE-2019-15556
Pvanloon1983 social_network before 2019-07-03 allows SQL injection in includes/form_handlers/register_handler.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-08-26
CVE-2019-15561
FlashLingo before 2019-06-12 allows SQL injection, related to flashlingo.js and db.js.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-08-26
CVE-2019-15562
GORM before 1.9.10 allows SQL injection via incomplete parentheses. NOTE: Misusing Gorm by passing untrusted user input where Gorm expects trusted SQL fragments is a vulnerability in the application, not in Gorm
CVSS Score
9.8
EPSS Score
0.005
Published
2019-08-26
CVE-2016-10932
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-08-26
CVE-2016-10933
An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP.
CVSS Score
5.9
EPSS Score
0.002
Published
2019-08-26
CVE-2017-18587
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-08-26
CVE-2016-10931
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.
CVSS Score
8.1
EPSS Score
0.002
Published
2019-08-26
CVE-2019-15478
Status Board 1.1.81 has reflected XSS via logic.ts.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-26
CVE-2019-15489
laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-26
CVE-2019-15506
An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the /DATAREPORTS directory can be farmed for reports. Because this directory contains the results of reports such as NMAP, Patch Status, and Active Directory domain metadata, an attacker can easily collect this critical information and parse it for information. There are a number of directories affected.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-08-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved