Security Vulnerabilities - CVEs Published In September 2022
A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2022-09-14
SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature.
CVSS Score: 9.8 | EPSS Score: 0.454 | Published: 2022-09-14
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
CVSS Score: 8.1 | EPSS Score: 0.006 | Published: 2022-09-14
An unauthenticated user can create a link with reflected JavaScript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with a predefined login, password and role in Zabbix Frontend.
CVSS Score: 4.8 | EPSS Score: 0.012 | Published: 2022-09-14
KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-09-14
Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-09-14
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS is obtained by injecting a specially crafted payload into the "Message" field, via the "description" parameter. The XSS then prompts after that, or can be accessed from the view ticket function.
CVSS Score: 5.4 | EPSS Score: 0.006 | Published: 2022-09-14
Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to log in as Administrator after injecting into the username form.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-09-14
Loan Management System version 1.0 suffers from a persistent cross-site scripting vulnerability.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2022-09-14
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists in the reply ticket function, through which the malicious file is uploaded. A calculator will open when a victim who downloaded the file opens the RTF file.
CVSS Score: 8.0 | EPSS Score: 0.038 | Published: 2022-09-14

