Security Vulnerabilities - CVEs Published In September 2019
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
CVSS Score: 7.8 | EPSS Score: 0.13 | Published: 2019-09-14

FlameCMS 3.3.5 has SQL injection in account/login.php via accountName.
CVSS Score: 9.8 | EPSS Score: 0.459 | Published: 2019-09-14

NIUSHOP V1.11 has XSS via the index.php?s=/admin URI.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2019-09-14

NIUSHOP V1.11 has CSRF via search_info to index.php.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2019-09-14

s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-09-14

ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code.
CVSS Score: 7.5 | EPSS Score: 0.939 | Published: 2019-09-14

Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2.
CVSS Score: 9.8 | EPSS Score: 0.5 | Published: 2019-09-14

In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2019-09-14

A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover.
CVSS Score: 9.8 | EPSS Score: 0.019 | Published: 2019-09-14

Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2019-09-13

