Security Vulnerabilities - CVEs Published In September 2018
An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2018-09-03
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2018-09-03
In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,
CVSS Score: 4.9
EPSS Score: 0.004
Published: 2018-09-03
Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS Score: 6.8
EPSS Score: 0.001
Published: 2018-09-03
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS Score: 6.8
EPSS Score: 0.001
Published: 2018-09-03
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS Score: 6.8
EPSS Score: 0.001
Published: 2018-09-03
Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.
CVSS Score: 5.5
EPSS Score: 0.002
Published: 2018-09-03
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2018-09-03
ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2018-09-03
An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2018-09-03

