Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2018
CVE-2018-14938
An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service).
CVSS Score
9.1
EPSS Score
0.005
Published
2018-08-05
CVE-2018-14936
The Add page option in my little forum 2.4.12 allows XSS via the Title field.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-08-05
CVE-2018-14937
The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-08-05
CVE-2018-14933
Known exploited
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
CVSS Score
9.8
EPSS Score
0.938
Published
2018-08-04
CVE-2018-14417
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions.
CVSS Score
9.8
EPSS Score
0.719
Published
2018-08-04
CVE-2018-14473
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service.
CVSS Score
9.1
EPSS Score
0.028
Published
2018-08-04
CVE-2018-14497
Tenda D152 ADSL routers allow XSS via a crafted SSID.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-08-04
CVE-2018-14541
PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-08-04
CVE-2018-14593
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL.
CVSS Score
8.8
EPSS Score
0.007
Published
2018-08-04
CVE-2018-12482
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.
CVSS Score
8.8
EPSS Score
0.017
Published
2018-08-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved