Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2019
CVE-2015-9452
The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-10-07
CVE-2015-9453
The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-10-07
CVE-2015-9454
The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter.
CVSS Score
8.8
EPSS Score
0.007
Published
2019-10-07
CVE-2015-9455
The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.
CVSS Score
8.1
EPSS Score
0.001
Published
2019-10-07
CVE-2015-9456
The orbisius-child-theme-creator plugin before 1.2.8 for WordPress has incorrect access control for file modification via the wp-admin/admin-ajax.php?action=orbisius_ctc_theme_editor_ajax&sub_cmd=save_file theme_1, theme_1_file, or theme_1_file_contents parameter.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-10-07
CVE-2019-12811
ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to execute arbitrary command via the ShellOpen method. This can be leveraged for code execution
CVSS Score
9.8
EPSS Score
0.01
Published
2019-10-07
CVE-2019-12812
MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbitrary command via specifically crafted configuration file. This can be leveraged for code execution.
CVSS Score
9.8
EPSS Score
0.015
Published
2019-10-07
CVE-2019-17315
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Administration module by an Admin user.
CVSS Score
7.2
EPSS Score
0.009
Published
2019-10-07
CVE-2019-17316
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user.
CVSS Score
8.8
EPSS Score
0.011
Published
2019-10-07
CVE-2019-3688
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary
CVSS Score
5.1
EPSS Score
0.001
Published
2019-10-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved