Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2017
CVE-2017-14761
In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-09-27
CVE-2017-14762
In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-09-27
CVE-2017-14763
In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme.
CVSS Score
8.8
EPSS Score
0.007
Published
2017-09-27
CVE-2017-14764
In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module.
CVSS Score
8.8
EPSS Score
0.008
Published
2017-09-27
CVE-2017-14765
In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-09-27
CVE-2017-14766
The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-09-27
CVE-2017-14767
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.
CVSS Score
8.8
EPSS Score
0.006
Published
2017-09-27
CVE-2017-14753
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-09-27
CVE-2017-14751
The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-09-26
CVE-2017-14749
JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data.
CVSS Score
7.8
EPSS Score
0.008
Published
2017-09-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved