Security Vulnerabilities - CVEs Published In October 2020
NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUS_SCM_BlockStart.php?code= XSS.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-10-28

osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2020-10-28

osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option.
CVSS Score: 9.8 | EPSS Score: 0.2 | Published: 2020-10-28

Shibboleth Identity Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session.
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2020-10-28

The Snap7 server component in version 1.4.1 crashes when an attacker sends a crafted packet in which the COTP last-data-unit flag is set to No and the S7 function is a write var.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2020-10-28

Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.
CVSS Score: 6.1 | EPSS Score: 0.008 | Published: 2020-10-28

CVE-2020-8260
Known exploited
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform arbitrary code execution using uncontrolled gzip extraction.
CVSS Score: 7.2 | EPSS Score: 0.679 | Published: 2020-10-28

Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
CVSS Score: 4.3 | EPSS Score: 0.006 | Published: 2020-10-28

A vulnerability in Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection in the authenticated user web interface.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2020-10-28

A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2020-10-28