Security Vulnerabilities - CVEs Published In September 2018
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.
CVSS Score: 7.5
EPSS Score: 0.005
Published: 2018-09-10
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an IR::FunctionValidationContext::catch_all heap-based buffer over-read.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2018-09-10
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else_.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2018-09-10
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2018-09-10
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOperand.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2018-09-10
The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-09-09
Eventum before 3.4.0 has an open redirect vulnerability.
CVSS Score: 6.1
EPSS Score: 0.019
Published: 2018-09-09
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2018-09-09
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
CVSS Score: 9.8
EPSS Score: 0.939
Published: 2018-09-09
In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2018-09-09