Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2022
CVE-2022-32966
RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service.
CVSS Score
6.5
EPSS Score
0.0
Published
2022-11-29
CVE-2022-32967
RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.
CVSS Score
2.1
EPSS Score
0.001
Published
2022-11-29
CVE-2022-36136
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-11-29
CVE-2022-36137
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-11-29
CVE-2022-41675
A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the user side.
CVSS Score
8.0
EPSS Score
0.004
Published
2022-11-29
CVE-2022-41676
Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers XSS (Reflected Cross-Site Scripting) attack to the mail recipient.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-11-29
CVE-2022-42099
KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-11-29
CVE-2022-42100
KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-11-29
CVE-2022-42109
Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-11-29
CVE-2022-45304
Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.
CVSS Score
4.3
EPSS Score
0.0
Published
2022-11-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved