Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2018
CVE-2018-18209
XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-10-10
CVE-2018-18210
XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-10-10
CVE-2018-18211
PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php/cms/addform?fcode=1 URI.
CVSS Score
8.1
EPSS Score
0.003
Published
2018-10-10
CVE-2018-17915
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-10-10
CVE-2018-17917
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-10-10
CVE-2018-17919
All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-10-10
CVE-2018-18207
Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cgi file parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-10-10
CVE-2018-18208
Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-10-10
CVE-2018-12131
Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-10-10
CVE-2018-15311
When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0.
CVSS Score
5.9
EPSS Score
0.035
Published
2018-10-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved