Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2017
CVE-2017-14240
There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-09-11
CVE-2017-14241
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php.
CVSS Score
5.4
EPSS Score
0.001
Published
2017-09-11
CVE-2017-14242
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-09-11
CVE-2017-14247
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-09-11
CVE-2017-14248
A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-09-11
CVE-2017-14249
ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-09-11
CVE-2017-14251
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
CVSS Score
8.8
EPSS Score
0.035
Published
2017-09-11
CVE-2017-14252
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-09-11
CVE-2017-14257
In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file.
CVSS Score
7.8
EPSS Score
0.002
Published
2017-09-11
CVE-2017-14258
In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file.
CVSS Score
7.8
EPSS Score
0.005
Published
2017-09-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved