Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2017
CVE-2017-1002150
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection
CVSS Score
6.1
EPSS Score
0.002
Published
2017-09-14
CVE-2017-1002151
Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization
CVSS Score
7.5
EPSS Score
0.003
Published
2017-09-14
CVE-2017-1002000
Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.
CVSS Score
9.8
EPSS Score
0.643
Published
2017-09-14
CVE-2017-1002001
Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
CVSS Score
9.8
EPSS Score
0.445
Published
2017-09-14
CVE-2017-1002002
Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
CVSS Score
9.8
EPSS Score
0.512
Published
2017-09-14
CVE-2017-1002003
Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
CVSS Score
9.8
EPSS Score
0.477
Published
2017-09-14
CVE-2017-1002004
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query.
CVSS Score
7.5
EPSS Score
0.055
Published
2017-09-14
CVE-2017-1002005
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query.
CVSS Score
7.5
EPSS Score
0.054
Published
2017-09-14
CVE-2017-1002006
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.
CVSS Score
7.5
EPSS Score
0.046
Published
2017-09-14
CVE-2017-1002007
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.
CVSS Score
7.5
EPSS Score
0.046
Published
2017-09-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved