Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2018
CVE-2018-0672
Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-04
CVE-2018-0664
A vulnerability in NoMachine App for Android 5.0.63 and earlier allows attackers to alter environment variables via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-09-04
CVE-2018-0656
Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score
7.8
EPSS Score
0.003
Published
2018-09-04
CVE-2018-0646
Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors.
CVSS Score
7.8
EPSS Score
0.016
Published
2018-09-04
CVE-2018-14627
The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/>
CVSS Score
5.3
EPSS Score
0.002
Published
2018-09-04
CVE-2018-16458
An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-09-04
CVE-2018-16450
CraftedWeb through 2013-09-24 has reflected XSS via the p parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-04
CVE-2018-16444
An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.
CVSS Score
9.1
EPSS Score
0.003
Published
2018-09-04
CVE-2018-16445
An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-09-04
CVE-2018-16446
An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt.
CVSS Score
7.5
EPSS Score
0.009
Published
2018-09-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved