Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2023
CVE-2023-46491
ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-10-27
CVE-2023-27170
Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-10-26
CVE-2018-16739
An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-10-26
CVE-2018-17558
Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.
CVSS Score
9.8
EPSS Score
0.025
Published
2023-10-26
CVE-2018-17559
Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-10-26
CVE-2018-17878
Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-10-26
CVE-2018-17879
An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.
CVSS Score
9.8
EPSS Score
0.487
Published
2023-10-26
CVE-2023-38328
An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password.
CVSS Score
4.9
EPSS Score
0.001
Published
2023-10-26
CVE-2023-42406
SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component.
CVSS Score
9.8
EPSS Score
0.197
Published
2023-10-26
CVE-2023-43352
An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.
CVSS Score
7.8
EPSS Score
0.007
Published
2023-10-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved