Security Vulnerabilities - CVEs Published In September 2018
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2018-09-15
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter.
CVSS Score: 9.8 | EPSS Score: 0.295 | Published: 2018-09-15
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2018-09-15
An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.
CVSS Score: 9.8 | EPSS Score: 0.145 | Published: 2018-09-15
BullGuard Safe Browsing before 18.1.355.9 allows XSS on Google, Bing, and Yahoo! pages via domains indexed in search results.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-09-15
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.
CVSS Score: 9.8 | EPSS Score: 0.026 | Published: 2018-09-14
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
CVSS Score: 8.6 | EPSS Score: 0.622 | Published: 2018-09-14
LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.
CVSS Score: 7.5 | EPSS Score: 0.038 | Published: 2018-09-14
Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability.
CVSS Score: 4.3 | EPSS Score: 0.008 | Published: 2018-09-14
Multiple cross-site scripting (XSS) vulnerabilities exist in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-09-14

Shodan ® - All rights reserved