Security Vulnerabilities - CVEs Published In September 2018
Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access.
CVSS Score: 7.8; EPSS Score: 0.0; Published: 2018-09-12
Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2018-09-12
Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network connectivity, and trigger a connection to a crafted proxy server with an invalid SSL certificate that allows certification-manager access, leading to the ability to browse local files and execute local programs.
CVSS Score: 6.8; EPSS Score: 0.0; Published: 2018-09-12
razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2018-09-12
feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2018-09-12
Pluck 4.7.7 allows XSS via an SVG file that contains JavaScript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2018-09-12
In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2018-09-12
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
CVSS Score: 7.2; EPSS Score: 0.008; Published: 2018-09-12
e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter.
CVSS Score: 6.5; EPSS Score: 0.003; Published: 2018-09-12
D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page.
CVSS Score: 5.4; EPSS Score: 0.004; Published: 2018-09-12

