Security Vulnerabilities - CVEs Published In September 2018
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. IBM X-Force ID: 147292.
CVSS Score: 5.9 | EPSS Score: 0.003 | Published: 2018-09-14
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID: 148946.
CVSS Score: 4.9 | EPSS Score: 0.002 | Published: 2018-09-14
In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-09-14
An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2018-09-14
translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-09-14
CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback parameter in an uploadpic action.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-09-14
K-Net Cisco Configuration Manager through 2014-11-19 has XSS via devices.php.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-09-14
UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-09-14
UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2018-09-14
An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2018-09-14

