Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2018
CVE-2018-16375
An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-09-03
CVE-2018-16376
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
CVSS Score
8.8
EPSS Score
0.006
Published
2018-09-03
CVE-2018-16379
Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "Theme/Theme Options" screen.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-09-03
CVE-2018-16380
An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-09-03
CVE-2018-16368
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
CVSS Score
5.5
EPSS Score
0.004
Published
2018-09-03
CVE-2018-16369
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.
CVSS Score
5.5
EPSS Score
0.008
Published
2018-09-03
CVE-2018-16370
In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive.
CVSS Score
9.8
EPSS Score
0.013
Published
2018-09-03
CVE-2018-16371
PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-03
CVE-2018-16372
The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-03
CVE-2018-16373
Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save.
CVSS Score
4.9
EPSS Score
0.003
Published
2018-09-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved