Security Vulnerabilities - CVEs Published In October 2018
AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.
CVSS Score: 5.9 | EPSS Score: 0.009 | Published: 2018-10-24

Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business.
CVSS Score: 5.9 | EPSS Score: 0.001 | Published: 2018-10-24

CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link (in .txt format) is modified and then renamed with a .html or .wssp extension.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-10-24

The server API in the Anda app relies on hardcoded credentials.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2018-10-24

Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
CVSS Score: 5.3 | EPSS Score: 0.012 | Published: 2018-10-24

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to bypass authentication and execute arbitrary commands via salt-api (netapi).
CVSS Score: 9.8 | EPSS Score: 0.009 | Published: 2018-10-24

SAGA1-L8B with any firmware version prior to A0.10 is vulnerable to a replay attack and command forgery.
CVSS Score: 9.1 | EPSS Score: 0.005 | Published: 2018-10-24

Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-10-24

ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager.
CVSS Score: 6.1 | EPSS Score: 0.027 | Published: 2018-10-24

www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-10-24