Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2023
CVE-2023-44008
File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function.
CVSS Score
9.8
EPSS Score
0.094
Published
2023-10-02
CVE-2023-44009
File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function.
CVSS Score
9.8
EPSS Score
0.094
Published
2023-10-02
CVE-2023-3592
In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.
CVSS Score
5.8
EPSS Score
0.0
Published
2023-10-02
CVE-2023-43835
Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.
CVSS Score
8.8
EPSS Score
0.035
Published
2023-10-02
CVE-2023-43890
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request.
CVSS Score
8.8
EPSS Score
0.014
Published
2023-10-02
CVE-2023-44463
An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-10-02
CVE-2023-5344
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
CVSS Score
4.0
EPSS Score
0.001
Published
2023-10-02
CVE-2023-37605
Weak Exception Handling vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-10-02
CVE-2023-0809
In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
CVSS Score
5.8
EPSS Score
0.0
Published
2023-10-02
CVE-2023-4659
Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within theapplication.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-10-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved