Security Vulnerabilities - CVEs Published In October 2019
totemodata 3.0.0_b936 has XSS via a folder name.
CVSS Score: 5.4 | EPSS Score: 0.005 | Published: 2019-10-22

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481.
CVSS Score: 8.4 | EPSS Score: 0.002 | Published: 2019-10-22

A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file.
CVSS Score: 7.8 | EPSS Score: 0.284 | Published: 2019-10-22

Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
CVSS Score: 8.8 | EPSS Score: 0.0 | Published: 2019-10-21

The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2019-10-21

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
CVSS Score: 8.1 | EPSS Score: 0.013 | Published: 2019-10-21

In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-10-21

In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-10-21

Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line.
CVSS Score: 6.1 | EPSS Score: 0.026 | Published: 2019-10-21

In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses an unsanitized "savemsg" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-10-21

