Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2017
CVE-2015-3450
Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document.
CVSS Score
8.8
EPSS Score
0.006
Published
2017-09-06
CVE-2015-3454
TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack.
CVSS Score
7.5
EPSS Score
0.018
Published
2017-09-06
CVE-2015-5186
Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.
CVSS Score
5.3
EPSS Score
0.005
Published
2017-09-06
CVE-2015-5705
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
CVSS Score
7.5
EPSS Score
0.008
Published
2017-09-06
CVE-2015-5947
SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.
CVSS Score
8.1
EPSS Score
0.029
Published
2017-09-06
CVE-2015-5948
Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947.
CVSS Score
8.1
EPSS Score
0.022
Published
2017-09-06
CVE-2015-5959
Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.
CVSS Score
9.8
EPSS Score
0.015
Published
2017-09-06
CVE-2015-6250
simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side.
CVSS Score
5.3
EPSS Score
0.002
Published
2017-09-06
CVE-2015-7225
Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step.
CVSS Score
5.3
EPSS Score
0.007
Published
2017-09-06
CVE-2015-7241
XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
CVSS Score
9.8
EPSS Score
0.274
Published
2017-09-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved