Security Vulnerabilities - CVEs Published In September 2018
user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2018-09-14
MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-09-14
An issue has been found in dbf2txt through 2012-07-19. It is an infinite loop.
CVSS Score: 5.5
EPSS Score: 0.002
Published: 2018-09-14
An issue has been found in doc2txt through 2014-03-19. It is a heap-based buffer overflow in the function Storage::init in Storage.cpp, called from parse_doc in parse_doc.cpp.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2018-09-14
BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php.
CVSS Score: 7.5
EPSS Score: 0.024
Published: 2018-09-14
In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-09-14
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an add_page action.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2018-09-13
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page action for a page with no special role.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-09-13
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page&name=error404 action, a different vulnerability than CVE-2018-10121.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2018-09-13
A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior.
CVSS Score: 7.8
EPSS Score: 0.005
Published: 2018-09-13