Security Vulnerabilities - CVEs Published In October 2019
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2019-10-16
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections.
CVSS Score: 9.8
EPSS Score: 0.027
Published: 2019-10-16
NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser > Window > Python" option, Ghidra will try to execute the cmd.exe program from this working directory.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2019-10-16
NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it loads jansi.dll from the current working directory.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2019-10-16
A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2019-10-16
A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system.
CVSS Score: 7.1
EPSS Score: 0.0
Published: 2019-10-16
There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which could be used to erase attack traces.
CVSS Score: 9.1
EPSS Score: 0.04
Published: 2019-10-16

