Security Vulnerabilities - CVEs Published In September 2018
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2018-09-28
An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2018-09-28
SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2018-09-28
A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file.
CVSS Score: 7.1
EPSS Score: 0.002
Published: 2018-09-28
CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2018-09-28
Vanilla before 2.6.1 allows XSS via the email field of a profile.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-09-28
The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and fckeditor/editor/filemanager/connectors/uploadtest.html.
CVSS Score: 9.8
EPSS Score: 0.021
Published: 2018-09-28
SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter.
CVSS Score: 9.8
EPSS Score: 0.03
Published: 2018-09-28
SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter.
CVSS Score: 9.8
EPSS Score: 0.03
Published: 2018-09-28
SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter.
CVSS Score: 9.8
EPSS Score: 0.03
Published: 2018-09-28


Shodan ® - All rights reserved