Security Vulnerabilities - CVEs Published In August 2018
An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar" onclick="alert(1)').
CVSS Score: 6.1; EPSS Score: 0.005; Published: 2018-08-03
The mintTokens function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable.
CVSS Score: 7.5; EPSS Score: 0.002; Published: 2018-08-03
The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game.
CVSS Score: 7.5; EPSS Score: 0.004; Published: 2018-08-03
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
CVSS Score: 9.8; EPSS Score: 0.929; Published: 2018-08-03
Samsung Syncthru Web Service V4.05.61 is vulnerable to multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid.
CVSS Score: 6.1; EPSS Score: 0.004; Published: 2018-08-03
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2018-08-03
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2018-08-03
The Web server in 3CX version 15.5.8801.3 is vulnerable to information leakage because of improper error handling in stack traces, as demonstrated by discovering a full pathname.
CVSS Score: 5.3; EPSS Score: 0.002; Published: 2018-08-03
Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action.
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2018-08-03
report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.
CVSS Score: 8.8; EPSS Score: 0.03; Published: 2018-08-03

