Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2019
CVE-2019-16126
Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images.
CVSS Score
6.1
EPSS Score
0.006
Published
2019-09-09
CVE-2019-16117
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.
CVSS Score
6.1
EPSS Score
0.016
Published
2019-09-08
CVE-2019-16118
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.
CVSS Score
6.1
EPSS Score
0.026
Published
2019-09-08
CVE-2019-16119
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
CVSS Score
9.8
EPSS Score
0.294
Published
2019-09-08
CVE-2019-16120
CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature.
CVSS Score
8.8
EPSS Score
0.029
Published
2019-09-08
CVE-2019-16115
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-09-08
CVE-2019-16113
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
CVSS Score
8.8
EPSS Score
0.9
Published
2019-09-08
CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. (However, there is no scenario within Devise itself in which such database records would exist.)
CVSS Score
5.3
EPSS Score
0.003
Published
2019-09-08
CVE-2019-16103
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.
CVSS Score
7.2
EPSS Score
0.007
Published
2019-09-08
CVE-2019-16104
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved