Security Vulnerabilities - CVEs Published In September 2018
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.
CVSS Score: 6.5; EPSS Score: 0.001; Published: 2018-09-09

In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2018-09-09

An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request.
CVSS Score: 9.8; EPSS Score: 0.003; Published: 2018-09-08

An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component."
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2018-09-08

\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2018-09-08

CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.
CVSS Score: 9.8; EPSS Score: 0.004; Published: 2018-09-08

\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2018-09-08

In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.
CVSS Score: 7.5; EPSS Score: 0.002; Published: 2018-09-08

An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable (EXE) or dynamically loadable library (DLL) files, causing elevated (SYSTEM) user access. Configuration control files or data files under this folder could also be similarly modified to affect service process behavior.
CVSS Score: 8.8; EPSS Score: 0.002; Published: 2018-09-08

PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of service (web-interface change) via an inverted comma.
CVSS Score: 7.5; EPSS Score: 0.002; Published: 2018-09-07

