Security Vulnerabilities - CVEs Published In September 2018
Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings.
CVSS Score: 4.8; EPSS Score: 0.002; Published: 2018-09-03
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF.
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2018-09-02
In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include.
CVSS Score: 9.9; EPSS Score: 0.009; Published: 2018-09-02
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used.
CVSS Score: 9.8; EPSS Score: 0.004; Published: 2018-09-02
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the /index.php/Customer/read limit parameter.
CVSS Score: 9.8; EPSS Score: 0.003; Published: 2018-09-02
An issue was discovered in FHCRM through 2018-02-11. There is a SQL injection via the index.php/User/read limit parameter.
CVSS Score: 9.8; EPSS Score: 0.003; Published: 2018-09-02
A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2018-09-02
Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS.
CVSS Score: 6.8; EPSS Score: 0.001; Published: 2018-09-02
An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code (if CSP settings permit it) via repo_manage_page.php or list.php.
CVSS Score: 6.1; EPSS Score: 0.004; Published: 2018-09-02
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF.
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2018-09-02

