Security Vulnerabilities - CVEs Published In October 2017
Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.
CVSS Score: 9.8 | EPSS Score: 0.498 | Published: 2017-10-11
Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2017-10-11
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
CVSS Score: 6.5 | EPSS Score: 0.007 | Published: 2017-10-11
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
CVSS Score: 7.5 | EPSS Score: 0.127 | Published: 2017-10-11
Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt.
CVSS Score: 7.5 | EPSS Score: 0.044 | Published: 2017-10-11
ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2017-10-11
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.
CVSS Score: 4.3 | EPSS Score: 0.005 | Published: 2017-10-11
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.
CVSS Score: 4.3 | EPSS Score: 0.005 | Published: 2017-10-11
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2017-10-11
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.
CVSS Score: 4.3 | EPSS Score: 0.005 | Published: 2017-10-11

