Security Vulnerabilities - CVEs Published In August 2018
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability.
CVSS Score: 8.8 | EPSS Score: 0.029 | Published: 2018-08-04
Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-08-03
Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2018-08-03
Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2018-08-03
Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2018-08-03
/contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2018-08-03
Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-08-03
A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2018-08-03
Insufficient URI encoding in restforce before 3.0.0 allows an attacker to inject arbitrary parameters into Salesforce API requests.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2018-08-03
A lack of validation of user-supplied parameters passed to XML-RPC calls on the SonicWall Global Management System (GMS) virtual appliance allows a remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier.
CVSS Score: 9.8 | EPSS Score: 0.117 | Published: 2018-08-03

