Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2019
CVE-2019-14911
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-09-20
CVE-2019-14912
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-09-20
CVE-2019-14913
An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel.
CVSS Score
5.4
EPSS Score
0.0
Published
2019-09-20
CVE-2019-14914
An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal.
CVSS Score
9.1
EPSS Score
0.007
Published
2019-09-20
CVE-2019-14915
An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-09-20
CVE-2019-16531
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-09-20
CVE-2019-9717
In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-09-19
CVE-2019-9719
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a vulnerability is provided” and only “a generic warning from a static code analysis” is provided
CVSS Score
8.8
EPSS Score
0.005
Published
2019-09-19
CVE-2019-9720
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-09-19
CVE-2019-16525
An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.
CVSS Score
6.1
EPSS Score
0.072
Published
2019-09-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved