Security Vulnerabilities - CVEs Published In September 2019
A flaw was found in ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVSS Score
7.3
EPSS Score
0.004
Published
2019-09-03
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.
CVSS Score
6.5
EPSS Score
0.047
Published
2019-09-03
NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from an IOCTL handle.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-09-03
The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-09-03
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via a wp-admin/admin-ajax.php request with the `action=pm_template_preview&html=<?php` substring followed by PHP code.
CVSS Score
8.8
EPSS Score
0.096
Published
2019-09-03
The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings.
CVSS Score
4.3
EPSS Score
0.001
Published
2019-09-03
The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-09-03
The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-09-03
The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-09-03
The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-09-03

