Security Vulnerabilities - CVEs Published In September 2020
Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup.
CVSS Score: 7.2; EPSS Score: 0.005; Published: 2020-09-25

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.
CVSS Score: 9.8; EPSS Score: 0.004; Published: 2020-09-25

Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.
CVSS Score: 7.5; EPSS Score: 0.004; Published: 2020-09-25

Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.
CVSS Score: 7.5; EPSS Score: 0.004; Published: 2020-09-25

A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL.
CVSS Score: 8.8; EPSS Score: 0.003; Published: 2020-09-25

Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views.
CVSS Score: 6.1; EPSS Score: 0.004; Published: 2020-09-25

vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register.
CVSS Score: 7.5; EPSS Score: 0.011; Published: 2020-09-24

PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8.
CVSS Score: 9.8; EPSS Score: 0.289; Published: 2020-09-24

In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2020-09-24

ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal\. The folder permissions allow "Full Control" to "Everyone". An authenticated local attacker can exploit this to replace the TSClientB.exe binary in the Terminal directory, which is executed on logon for every user. Alternatively, the attacker can replace any of the binaries in the Client or Install directories. The latter requires additional user interaction, for example starting the client.
CVSS Score: 7.3; EPSS Score: 0.0; Published: 2020-09-24