Security Vulnerabilities - CVEs Published In September 2019
An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2019-09-09
An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-09-09
An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2019-09-09
YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-09-09
framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary File Upload Vulnerability because a .php file from a ZIP archive can be written to /data/cache/.
CVSS Score: 8.8 | EPSS Score: 0.165 | Published: 2019-09-09
An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control.php allows remote attackers to delete arbitrary files via a title directory-traversal pathname followed by a crafted substring.
CVSS Score: 6.5 | EPSS Score: 0.068 | Published: 2019-09-09
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2019-09-09
In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure.
CVSS Score: 7.5 | EPSS Score: 0.367 | Published: 2019-09-09
In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code.
CVSS Score: 9.8 | EPSS Score: 0.021 | Published: 2019-09-09
In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2019-09-09

