Security Vulnerabilities - CVEs Published In September 2017
WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.
CVSS Score: 5.3 | EPSS Score: 0.432 | Published: 2017-09-20

node 0.3.2 and URONode before 1.0.5r3 allow remote attackers to cause a denial of service (bandwidth consumption).
CVSS Score: 6.5 | EPSS Score: 0.013 | Published: 2017-09-20

Use-after-free vulnerability in Open Litespeed before 1.3.10.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2017-09-20

Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
CVSS Score: 6.1 | EPSS Score: 0.008 | Published: 2017-09-20

Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2017-09-20

In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on the server side.
CVSS Score: 9.8 | EPSS Score: 0.125 | Published: 2017-09-20

In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL.
CVSS Score: 5.9 | EPSS Score: 0.006 | Published: 2017-09-20

In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to an RCE attack.
CVSS Score: 9.8 | EPSS Score: 0.943 | Published: 2017-09-20

In ImageMagick 7.0.7-4 Q16, an out-of-bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVSS Score: 8.1 | EPSS Score: 0.017 | Published: 2017-09-20

In LibRaw through 0.18.4, an out-of-bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVSS Score: 9.1 | EPSS Score: 0.004 | Published: 2017-09-20