Security Vulnerabilities - CVEs Published In October 2019
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control.
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2019-10-06

The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header.
CVSS Score: 6.1; EPSS Score: 0.005; Published: 2019-10-06

The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI.
CVSS Score: 7.5; EPSS Score: 0.004; Published: 2019-10-06

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts.
CVSS Score: 9.8; EPSS Score: 0.007; Published: 2019-10-05

TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2019-10-05

TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.
CVSS Score: 6.1; EPSS Score: 0.004; Published: 2019-10-05

TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2019-10-05

www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory Traversal (for reading arbitrary files) because of an unanchored regular expression, as demonstrated by the a.jpg\.. substring.
CVSS Score: 7.5; EPSS Score: 0.005; Published: 2019-10-05

OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic filter criteria in library/clinical_rules.php that affects library/patient.inc.
CVSS Score: 9.8; EPSS Score: 0.0; Published: 2019-10-05

The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.
CVSS Score: 7.5; EPSS Score: 0.003; Published: 2019-10-05