Security Vulnerabilities - CVEs Published In October 2018
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI.
CVSS Score: 9.8; EPSS Score: 0.003; Published: 2018-10-19
text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach.
CVSS Score: 9.8; EPSS Score: 0.004; Published: 2018-10-19
OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter.
CVSS Score: 9.8; EPSS Score: 0.003; Published: 2018-10-19
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.
CVSS Score: 6.5; EPSS Score: 0.008; Published: 2018-10-19
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2018-10-19
User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score: 7.5; EPSS Score: 0.003; Published: 2018-10-19
User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score: 8.8; EPSS Score: 0.004; Published: 2018-10-19
Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score: 8.8; EPSS Score: 0.004; Published: 2018-10-19
Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score: 9.8; EPSS Score: 0.003; Published: 2018-10-19
Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score: 9.8; EPSS Score: 0.002; Published: 2018-10-19

