Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2023
CVE-2023-25584
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-09-14
CVE-2023-25585
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
CVSS Score
4.7
EPSS Score
0.0
Published
2023-09-14
CVE-2023-25586
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
CVSS Score
4.7
EPSS Score
0.0
Published
2023-09-14
CVE-2023-25588
A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
CVSS Score
4.7
EPSS Score
0.0
Published
2023-09-14
CVE-2023-37756
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack.
CVSS Score
9.8
EPSS Score
0.066
Published
2023-09-14
CVE-2023-38912
SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter.
CVSS Score
9.8
EPSS Score
0.041
Published
2023-09-14
CVE-2023-41156
A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-09-14
CVE-2023-41159
A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-09-14
CVE-2023-41160
A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-09-14
CVE-2023-42362
An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-09-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved