Security Vulnerabilities - CVEs Published In September 2018
Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.
CVSS Score
3.1
EPSS Score
0.035
Published
2018-09-26
Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message.
CVSS Score
4.3
EPSS Score
0.002
Published
2018-09-26
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
CVSS Score
4.3
EPSS Score
0.002
Published
2018-09-26
An information-disclosure issue was discovered in Postman through 6.3.0. It validates a server's X.509 certificate and presents an error if the certificate is not valid. Unfortunately, the associated HTTPS request data is sent anyway. Only the response is not displayed. Thus, all contained information of the HTTPS request is disclosed to a man-in-the-middle attacker (for example, user credentials).
CVSS Score
8.1
EPSS Score
0.002
Published
2018-09-26
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-09-26
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of the padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-09-26
The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-09-26
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-09-26
In Fuji Electric V-Server 4.0.3.0 and prior, a use-after-free vulnerability has been identified, which may allow remote code execution.
CVSS Score
9.8
EPSS Score
0.013
Published
2018-09-26
In Fuji Electric V-Server 4.0.3.0 and prior, multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.
CVSS Score
9.8
EPSS Score
0.028
Published
2018-09-26