Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2018
CVE-2018-18842
CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 (Zero), which allows remote attackers to execute arbitrary PHP code.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-10-30
CVE-2018-18822
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-10-30
CVE-2018-18825
Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. A crafted code is mishandled during rendering of the login log.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-10-30
CVE-2018-18826
There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-10-30
CVE-2018-18827
There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-10-30
CVE-2018-18828
There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-10-30
CVE-2018-18829
There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-10-30
CVE-2018-18830
An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-10-30
CVE-2018-18831
An issue was discovered in com\mingsoft\cms\action\GeneraterAction.java in MCMS 4.6.5. An attacker can write a .jsp file (in the position parameter) to an arbitrary directory via a ../ Directory Traversal in the url parameter.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-10-30
CVE-2018-18817
The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-10-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved